I have not seen an argument that these proposals scale to a key per
message. I'm not saying they don't; I'm saying that's not how people
seem to be thinking about the problem or writing software.
I don't think that's likely either, but assuming you had a specialized DNS
server that could handle the stream of key updates, I don't see any reason
to rule it out.
People often get upset when one starts talking about a per-message
callback verification lookup, because this imposes the cost of a joe-job
on the victim site. One of the reasons for a per-domain keying structure
is to make most of the verification occur at the recipient sites
independent of the claimed sender.
Tony.
--
f.a.n.finch <dot(_at_)dotat(_dot_)at> http://dotat.at/