[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Jim Fenton
william(at)elan.net wrote:
On Wed, 6 Sep 2006, Jim Fenton wrote:
The aspect of user-level SSP that concerns me equally is the
transaction load. When user-level SSP is "turned on", the verifier
MUST query for a user-level record in addition to the domain-level
record. User-level queries are not as effectively cached, since
these are queries for individual addresses, not domains.
Actually your tree-walking in general is what's most troublesome to me.
This is what would cause the most problems and most extra queries and
cache misses (I know NXDOMAIN can be cached but don't assume you can
rely on it). And I don't think this will fly during last-call and/or
when DNS folks see this.
The tree-walking issue (separate from the user-level SSP issue) has
concerned me too. The allman-dkim-ssp-02 draft has it down to 2 queries
-- much improved from the previous revision, in part because of the use
of a separate RR.
The tree walking is definitely a liability to be discarded.
Once tree walking is discarded however we have made an incompatible change and
we should therefore address the other issues. In particular the use of
punctuation syntax which is needlessly opaque and error-prone.
Even with a custom RR it will be necessary to have a macro processor to
generate wildcard records for existing nodes.
Use of custom RRs will not work with the Windows 2003 DNS server at an
acceptable level. The server can be coaxed to emit the data but it is not
possible to enter it using the standard administration interface and the server
does not save the custom RR data.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html