This is an important question for Doug's scheme, should revocation be per
message or per user?
I was thinking per user but there might be an advantage to per message, then
we get an effective message recall scheme for free as a bonus.
I think we need to think about the choice.
-----Original Message-----
From: owner-ietf-mailsig(_at_)mail(_dot_)imc(_dot_)org
[mailto:owner-ietf-mailsig(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Andrew Newton
Sent: Saturday, March 05, 2005 11:10 AM
To: Mark Baugher
Cc: Hallam-Baker, Phillip; MASS WG
Subject: Re: In response to Housley-mass-sec-review
On Mar 4, 2005, at 9:21 AM, Mark Baugher wrote:

> Revocation schemes that scale up to the numbers we are discussing
> typically don't attempt to mirror the DNS nor require large server
> farms
Let's say Yahoo has 40 million email accounts (that's probably pretty
high) and has to revoke 10%. That's 4 million A records. I know of
several small organizations that support twice that much DNS info just
using stock BIND. Plus this assumes that all 10% are revoked within
the same active key period. Once the signing key has been removed from
DNS, there is no need for the corresponding A records as well.
-andy