Jim Fenton:
The aspect of user-level SSP that concerns me equally is the transaction
load. When user-level SSP is "turned on", the verifier MUST query for a
user-level record in addition to the domain-level record. User-level
queries are not as effectively cached, since these are queries for
individual addresses, not domains.
Could someone please explain the nature of the problem that would
exist when these (financial) institutions can't selectively add
DKIM signatures to outbound email? Engineering is about balance,
but I haven't heard enough to make the trade off yet.
With per-user records in the DNS, should we not be worried about
brute-force attacks to guess email addresses?
I'm also worried about the implied requirement that a DKIM verifier
would have to do SSP lookups even when a valid first-hand DKIM
signature exists.
Wietse
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html