--On Friday, January 14, 2005 9:55 AM -0800 Douglas Otis
<dotis(_at_)mail-abuse(_dot_)org> wrote:
> While most domains would not need such a feature, for those domains that
> have many accounts, this feature could prove useful. Distributing keys
> for every account would become rather costly. DNS tends to use about 4
> times the memory of the data stored to ensure fast responses. Keeping
> the DNS cache on a diet seems like a good idea, as it has a thyroid
> problem.

But the key does not have to be per user. An originating site includes
some kind of user identifier (in the simplest case this is probably an
email address) that it understands and then the site applies the
signature.
This makes DNS the ideal place to store the keys and it scales well,
since the "site" is known by its domain.
Jim