"John" == John Levine <johnl(_at_)iecc(_dot_)com> writes:
>> The problem is that typically a key will be used to sign
>> messages for the entire domain.

John> Take a look at DK. It lets you use whatever granularity you
John> want, by publishing as many keys as you want in DNS, and
John> having each signature say which key it's using.

I understand the proposals support this. I said typically. As far as
I can tell the scaling analysis assumes that a lot of domains will use
one key per domain and that (particularly affinity domains) will use
per-user keys.

I have not seen an argument that these proposals scale to a key per
message. I'm not saying they don't; I'm saying that's not how people
seem to be thinking about the problem or writing software.

MASS can decide that most users will want per-user keys. Doing so
would involve textual change in the documents and it might cause some
people to change their evaluations of scaling attributes.

--Sam