ietf-mailsig

Re: Good as the enemy of OK

2005-01-18 11:15:27

On Mon, 2005-01-17 at 16:00 -0500, Sam Hartman wrote:
> "Douglas" == Douglas Otis <dotis(_at_)mail-abuse(_dot_)org> writes:
>
>     Douglas> The selector mechanism in DK could allow each user to
>     Douglas> have an individual key, although done at this scale,
>     Douglas> fingerprints look better.
>
> Why do fingerprints look better?

The size of this data in a DNS cache becomes a consideration.  The size
of a fingerprint relative to that of a public key is a reason the
fingerprint looks more attractive.  The amount of this difference becomes
even more significant when multiplied by millions of users.

I suggested an alternative to per-user keys.  This would replace the use
of these keys with a revocation query only when there is an account
identifier included in the header.  The TTL on the domain key could be
long, but revocation could still be rapid.  The TTL on the revocation
could be long enough to ensure that it is held for the duration of the
life of the key.

-Doug  
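The scheme Doug sketches (one long-TTL domain key under the DK selector name, plus a per-account revocation query that a verifier only issues when the header carries an account identifier) as an added simulation, not code from the thread. The revocation record name `<account>._revoke.<domain>`, the TTL values, the negative-caching behaviour and the sample zone are assumptions chosen to show how a long-cached key and a fast revocation coexist.

```python
# Constructed simulation: long-TTL domain key plus per-account revocation
# lookup. Record name "<acct>._revoke.<domain>", TTLs and the zone contents
# are assumptions for illustration, not any real DomainKeys/DKIM definition.
from dataclasses import dataclass, field

KEY_TTL = 7 * 86400   # domain key is cached for a week (long TTL)
NEG_TTL = 300         # "no revocation record" is cached only briefly
REVOKE_TTL = KEY_TTL  # a revocation is held as long as the key lives


@dataclass
class Zone:
    """Authoritative data: selector keys plus revoked account names."""
    keys: dict = field(default_factory=dict)   # "sel._domainkey.dom" -> key
    revoked: set = field(default_factory=set)  # "acct._revoke.dom" (assumed)
    queries: int = 0                           # authoritative hits, for the demo

    def lookup(self, name):
        self.queries += 1
        if name in self.keys:
            return self.keys[name], KEY_TTL
        if name in self.revoked:
            return "revoked", REVOKE_TTL
        return None, NEG_TTL  # negative answer carries the short TTL


class Resolver:
    """Caching resolver keeping (value, expiry) per name."""
    def __init__(self, zone):
        self.zone, self.cache = zone, {}

    def resolve(self, name, now):
        hit = self.cache.get(name)
        if hit and hit[1] > now:
            return hit[0]              # served from cache, no upstream query
        value, ttl = self.zone.lookup(name)
        self.cache[name] = (value, now + ttl)
        return value


def verify(resolver, domain, selector, account, now):
    """Return (key, revoked): one key lookup, plus one revocation lookup
    only when the message header carried an account identifier."""
    key = resolver.resolve(f"{selector}._domainkey.{domain}", now)
    revoked = False
    if account is not None:
        name = f"{account}._revoke.{domain}"
        revoked = resolver.resolve(name, now) == "revoked"
    return key, revoked
```

Revoking an account becomes visible to a verifier within NEG_TTL while the domain key keeps being served from cache for its full week.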

