ietf-dkim

RE: tree walking (was - Re: [ietf-dkim] user level ssp)

2006-09-06 21:45:12

[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Jim Fenton
william(at)elan.net wrote:

On Wed, 6 Sep 2006, Jim Fenton wrote:

The aspect of user-level SSP that concerns me equally is the transaction load.
When user-level SSP is "turned on", the verifier MUST query for a user-level
record in addition to the domain-level record.  User-level queries are not as
effectively cached, since these are queries for individual addresses, not domains.

Actually your tree-walking in general is what's most troublesome to me.
This is what would cause the most problems and most extra queries and
cache misses (I know NXDOMAIN can be cached but don't assume you can
rely on it). And I don't think this will fly during last-call and/or
when DNS folks see this.

The tree-walking issue (separate from the user-level SSP) issue has concerned
me too.  The allman-dkim-ssp-02 draft has it down to 2 queries -- much improved
from the previous revision, in part because of the use of a separate RR.

The tree walking is definitely a liability to be discarded.

Once tree walking is discarded however we have made an incompatible change and 
we should therefore address the other issues. In particular the use of 
punctuation syntax which is needlessly opaque and error-prone.

Even with a custom RR it will be necessary to have a macro processor to 
generate wildcard records for existing nodes.

Use of custom RRs will not work with the Windows 2003 DNS server at an 
acceptable level. The server can be coaxed to emit the data but it is not 
possible to enter it using the standard administration interface and the server 
does not save the custom RR data.
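
One reading of the "macro processor" remark above, as an added example that is not part of the original message: under RFC 4592 a wildcard is never synthesized for a name that already exists, and names beneath an existing node are matched only by a wildcard under that node, so single-query policy coverage needs an explicit record at every existing node plus a wildcard below it. The RR type `TYPE65280`, the RDATA and the zone contents are constructed placeholders, not values from any SSP draft.

```python
# Added example: policy-record expansion for a zone (names and RR type are constructed).
POLICY_RR = "TYPE65280"        # hypothetical private-use type, RFC 3597 syntax
POLICY_RDATA = r"\# 1 00"      # constructed one-byte RDATA placeholder

def _norm(name):
    return name.rstrip(".").lower()

def existing_nodes(owner_names, origin):
    """All nodes that exist in the zone, including empty non-terminals."""
    origin = _norm(origin)
    nodes = {origin}
    for raw in owner_names:
        name = _norm(raw)
        if name.startswith("*."):
            name = name[2:]                # a wildcard owner implies its parent exists
        if name != origin and not name.endswith("." + origin):
            raise ValueError(f"{raw} is outside zone {origin}")
        while name != origin:              # every ancestor up to the origin exists too
            nodes.add(name)
            name = name.split(".", 1)[1]
    return nodes

def policy_records(owner_names, origin):
    """One explicit record per existing node plus one wildcard beneath it."""
    out = []
    for node in sorted(existing_nodes(owner_names, origin),
                       key=lambda n: n.split(".")[::-1]):
        out.append(f"{node}. IN {POLICY_RR} {POLICY_RDATA}")
        out.append(f"*.{node}. IN {POLICY_RR} {POLICY_RDATA}")
    return out

def answering_owner(qname, owner_names, origin):
    """Owner name whose record answers qname in a single query (RFC 4592 rules)."""
    nodes = existing_nodes(owner_names, origin)
    name = _norm(qname)
    if name in nodes:
        return name                        # name exists: wildcards never apply
    while name not in nodes:               # find the closest encloser
        if "." not in name:
            raise ValueError(f"{qname} is outside zone {origin}")
        name = name.split(".", 1)[1]
    return "*." + name

ZONE = ["example.com.", "www.example.com.", "mx1.mail.example.com."]  # constructed

if __name__ == "__main__":
    print("\n".join(policy_records(ZONE, "example.com.")))
    for q in ("www.example.com", "a.www.example.com", "x.mail.example.com", "new.example.com"):
        print(q, "->", answering_owner(q, ZONE, "example.com."))
```

The three owner names in the constructed zone expand to eight policy records, because `mail.example.com` exists as an empty non-terminal and needs its own pair.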

