ietf-mailsig

Re: epostage, hashcash, callbacks, was MASS Security Review document

2005-02-15 11:58:45

  Indeed, any scheme that requires a callback per message has severe scaling
  problems.  

Let's make sure there is a clear distinction between what is being
labeled "callback", versus the DNS query needed for some of the proposed
authentication schemes:

If it wasn't clear, what I am concerned about are the per-message ticket
schemes that Doug mentioned, and signature or revocation schemes that have
a per message granularity so that the recipient makes a different DNS
query for each message.

Whereas the auth schemes are not per-message and don't even have to be
per-user, so the data being queried are relatively stable. Updates do
not have to be all that frequent.

Systems like Domain Keys can have any granularity from one key that lasts
forever to a new key for each message.  The farther you move toward the
latter point, the worse the scaling problems become.  I am concerned that
people who are suggesting finer granularity don't appreciate the
performance problems that can cause.

Regards,
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, http://iecc.com/johnl, Mayor
"I dropped the toothpaste", said Tom, crestfallenly.

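Added example, not part of the original message: a small simulation of the scaling point above. It counts how many key lookups miss a verifier's TTL-based DNS cache as key granularity moves from one key per domain toward one key per message. The query names follow the DomainKeys `selector._domainkey.domain` form; the selector assignment scheme, the workload, and the TTL values are constructed assumptions.

```python
"""Added illustration: resolver cache misses vs. key granularity (constructed data)."""


def key_name(msg, granularity):
    """DNS name a verifier would query for this message's key.

    The selector choice per granularity is a hypothetical scheme for illustration.
    """
    _ts, domain, user, msg_id = msg
    selector = {"domain": "s1", "user": user, "message": f"m{msg_id}"}[granularity]
    return f"{selector}._domainkey.{domain}"


def upstream_queries(messages, granularity, ttl):
    """Count lookups that miss a TTL cache and must reach the authoritative server."""
    expiry = {}  # query name -> time at which the cached record expires
    misses = 0
    for msg in sorted(messages):
        ts = msg[0]
        name = key_name(msg, granularity)
        if expiry.get(name, -1) <= ts:  # never cached, or cached record expired
            misses += 1
            expiry[name] = ts + ttl
    return misses


def constructed_workload(n=600, spacing=6):
    """Constructed mail stream: one message every `spacing` seconds,
    spread over 3 sending domains and 7 user names."""
    domains = ["a.example", "b.example", "c.example"]
    return [(i * spacing, domains[i % 3], f"user{i % 7}", i) for i in range(n)]


if __name__ == "__main__":
    msgs = constructed_workload()
    for ttl in (3600, 60):
        for granularity in ("domain", "user", "message"):
            n = upstream_queries(msgs, granularity, ttl)
            print(f"ttl={ttl:>4}s  per-{granularity:<7} keys: "
                  f"{n:>3} authoritative queries for {len(msgs)} messages")
```

With per-message keys every lookup is for a name that has never been seen before, so the cache never helps and the TTL is irrelevant.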
