ietf-mailsig

Re: Good as the enemy of OK

2005-01-14 13:19:10

On Fri, 2005-01-14 at 14:08 -0500, James Galvin wrote:
--On Friday, January 14, 2005 9:55 AM -0800 Douglas Otis 
<dotis(_at_)mail-abuse(_dot_)org> wrote:

Distributing keys for every account would become rather costly.  DNS
tends to use about 4 times the memory of the data stored to ensure
fast responses.  Keeping the DNS cache on a diet seems like a good
idea, as it has a thyroid problem.

But the key does not have to be per user.  An originating site includes 
some kind of user identifier (in the simplest case this is probably an 
email address) that it understands and then the site applies the 
signature.

I think that was basically what I was suggesting by adding the u=xxxx
element to the signature information.

This makes DNS the ideal place to store the keys and it scales well, 
since the "site" is known by its domain.

The point was not wanting to wait for a key to expire used by many
accounts.  Such a key will likely be retained for more than a week to
ensure delivery of mail.  A spammer could send themselves the various
spam they wish to distribute and, even if the account is closed, they
could send millions of copies of these messages from elsewhere and
receive confirmation until the expiration of the key.  A spammer would
only need 50 accounts to continue their spamming for a year by abusing the
signature.  Without being able to immediately respond to a problem,
defending the signature's reputation or seeing a benefit from the use of
a signature would be made difficult.

For such large providers, an additional mechanism could be used.  Do a
query against the signing domain for a revocation record that has a
label made from this unique identifier.

-Doug
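
The per-account revocation lookup proposed above, sketched as an added example (it is not part of the original message or of any mailsig draft). The `d=` tag, the `_revoked` subdomain, the hashed-label format and the `lookup` resolver hook are all assumptions; the zone is constructed sample data so the block runs offline.

```python
import base64
import hashlib

REVOCATION_SUBDOMAIN = "_revoked"  # hypothetical; the message names no label layout

def parse_sig_tags(sig):
    """Split 'tag=value; tag=value' signature information into a dict."""
    tags = {}
    for part in sig.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip()] = value.strip()
    return tags

def revocation_qname(domain, account_id):
    """Build the query name whose label is derived from the u= identifier."""
    # Hashing keeps the label DNS-safe and fixed-length (20 bytes -> 32 base32
    # characters) and avoids publishing raw account names in the zone.
    digest = hashlib.sha256(account_id.encode("utf-8")).digest()[:20]
    label = base64.b32encode(digest).decode("ascii").lower()
    return f"{label}.{REVOCATION_SUBDOMAIN}.{domain.lower().rstrip('.')}."

def account_status(sig, lookup):
    """Return 'revoked', 'ok', 'no-account-id', 'invalid' or 'tempfail'.

    lookup(qname) -> bool is a hypothetical resolver hook: True when a
    revocation record exists at qname, OSError on resolver failure.
    """
    tags = parse_sig_tags(sig)
    domain, account_id = tags.get("d"), tags.get("u")
    if not domain:
        return "invalid"
    if not account_id:
        return "no-account-id"  # only key expiry can stop replay of this mail
    try:
        revoked = lookup(revocation_qname(domain, account_id))
    except OSError:
        return "tempfail"  # do not treat a failed query as "not revoked"
    return "revoked" if revoked else "ok"

# Constructed zone: the provider closed "acct-7731" and published a record for it.
ZONE = {revocation_qname("example.com", "acct-7731")}

if __name__ == "__main__":
    for sig in ("d=example.com; u=acct-7731", "d=example.com; u=acct-0042", "d=example.com"):
        print(sig, "->", account_status(sig, ZONE.__contains__))
```

The site-wide key stays valid for every other account; only mail carrying the revoked identifier is refused, so the provider does not have to wait for key expiry.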