Re: [ietf-dkim] user level ssp

2006-09-06 15:51:53
J.D. Falk wrote:
> On 2006-09-06 10:45, Hallam-Baker, Phillip wrote:
>
>> The main value I see in user level policy is easing phased
>> deployment. If you are a bank with 100,000 employees with email and
>> you want to deploy DKIM you probably want some form of hook that lets
>> you do it in stages.
>
> So they'll have 100,000 SSP records?
>
> Perhaps there's an easier, more flexible, more scalable hook...like
> "we don't sign all mail."


There's a subtlety in draft-allman-dkim-ssp-02 that if user-level SSP is
specified but no user-level record is found, it uses the domain-level
SSP.  So if there are a few exceptions to the domain-level SSP, you only
need to publish a few.  In any case, for your example, no more than
50,000 :-)

The aspect of user-level SSP that concerns me equally is the transaction
load.  When user-level SSP is "turned on", the verifier MUST query for a
user-level record in addition to the domain-level record.  User-level
queries are not as effectively cached, since these are queries for
individual addresses, not domains.

-Jim
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
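
The fallback and caching behaviour discussed in the message above, as an added sketch that is not part of the original post or of draft-allman-dkim-ssp-02. The policy labels, the `user_level` flag, the domain `bank.example`, and the in-memory record tables are constructed assumptions, and TTL expiry is not modelled.

```python
# Added illustration: toy model of domain-level vs user-level SSP lookups
# behind a caching resolver. All names and records here are constructed.
import random

# Domain-level record; "user_level" stands in for "user-level SSP is turned on".
DOMAIN_POLICY = {"bank.example": {"policy": "signs-all", "user_level": True}}
# Only the exceptions to the domain-level policy publish a user-level record.
USER_POLICY = {("alice", "bank.example"): {"policy": "signs-some"}}


class CachingResolver:
    """Caches positive and negative answers; counts queries that miss."""

    def __init__(self):
        self.cache = {}
        self.upstream = 0

    def lookup(self, key, zone):
        if key not in self.cache:
            self.upstream += 1          # cache miss: goes out to the network
            self.cache[key] = zone.get(key)
        return self.cache[key]


def effective_policy(address, domain_cache, user_cache):
    """Return the policy a verifier would apply to this From address."""
    local, domain = address.rsplit("@", 1)
    dom = domain_cache.lookup(domain, DOMAIN_POLICY)
    if dom is None:
        return None                     # no SSP record published at all
    if not dom["user_level"]:
        return dom["policy"]
    # User-level SSP is on: a second query is required for every address.
    user = user_cache.lookup((local, domain), USER_POLICY)
    # No user-level record found: fall back to the domain-level policy.
    return user["policy"] if user else dom["policy"]


def simulate(n_messages, n_senders, seed=1):
    """Return (domain-level misses, user-level misses) for random senders."""
    rng = random.Random(seed)
    dcache, ucache = CachingResolver(), CachingResolver()
    for _ in range(n_messages):
        sender = f"user{rng.randrange(n_senders)}@bank.example"
        effective_policy(sender, dcache, ucache)
    return dcache.upstream, ucache.upstream
```

With 1,000 messages from a population of 100,000 senders, the domain-level record is fetched once while nearly every user-level query misses the cache.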