RE: charter constraints list

From: Miles Libbey
Sent: Saturday, October 02, 2004 1:10 PM


<...>

As I recall, it was more like $50k, and that assumed that all of our
email -- both inbound and outbound was signed. Hotmail has publically
indicated that it blocks over 3 Billion messages per day, and yahoo
mail handles mail for a similar size user base -- hopefully that gives
an indication of the scale we are talking about.


I think this deserves a bit more explanation, since PK crypto signing and
validation are so CPU intensive.  Does the projected additional hardware
cost consist of crypto accelerator hardware?  Are your MTA's currently very
far from being CPU-bound so they can accommodate the extra load with minimal
change?  If it is not proprietary information, could you give us some idea
of the CPU, memory, disk, communications and network resources of a typical
MTA in on of your arrays?

My concern is that being involved in DSP and embedded systems, I know what a
CPU load the RSA algorithms represent.  General purpose CPU's do not handle
them very efficiently.  MTA's that are at small or medium-sized sites with
smaller budgets are often close to CPU-bound, so the extra CPU load may be
far more of an issue for them.  The fact that Yahoo's MTA's will only need a
negligible amount of extra resources does not necessarily imply that more
typical MTA's will be the same.  Have you investigated the performance of DK
at smaller sites with more typical resources?


Sendmail did a much more valid test in July
http://sendmail.net/dk-milter/benchmark/
and determined their DomainKeys implementation would add 8-16% overhead
to MTAs.


Thanks for posting this link.  I was looking for it recently.  The
conclusion they draw is based on a large average message size.  Most spam
are very short messages, and spam is the preponderance of the incoming
stream, so I don't think the conclusion necessarily agrees with the data
they present.  For very short messages, the throughput of this fairly
CPU-rich MTA was reduced to approximately half.  I suggest this is more like
what typical sites with high spam loads will see.

--

Seth Goodman

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Why we really don't require requirements, (continued) Re: Why we really don't require requirements, James M Galvin Re: Why we don't require requirements, James M Galvin Re: Why we don't require requirements, James M Galvin Re: Why we don't require requirements, domainkeys-feedbackbase01 Re: Why we don't require requirements, James M Galvin Re: Why we don't require requirements, ned . freed charter constraints list, Dave Crocker RE: charter constraints list, Seth Goodman RE: charter constraints list, Dave Crocker RE: charter constraints list, Miles Libbey RE: charter constraints list, Seth Goodman <= RE: charter constraints list, George Gross RE: charter constraints list, domainkeys-feedbackbase01 RE: charter constraints list, Michael Thomas RE: charter constraints list, Seth Goodman RE: charter constraints list, Jim Fenton RE: charter constraints list, Seth Goodman RE: charter constraints list, Jim Fenton RE: charter constraints list, Seth Goodman RE: charter constraints list, Michael Thomas RE: charter constraints list, Seth Goodman

Previous by Date:	RE: Rambings on RFC2822 signatures., Michael Thomas
Next by Date:	RE: charter constraints list, George Gross
Previous by Thread:	RE: charter constraints list, Miles Libbey
Next by Thread:	RE: charter constraints list, George Gross
Indexes:	[Date] [Thread] [Top] [All Lists]