Hallam-Baker, Phillip wrote:
> Yes, the attack can happen fast, but if they are sending spam the revocation
> check will get hammered and there is a great way to spot something odd going
> on.

This depends on all authoritative DNS servers being tightly coupled to
the revocation infrastructure, and I'm not sure how practical that is
for everyone. Some mail domains probably don't run their own name
servers; they may do this through their registrar. And every
"hammering" is one that got away (notwithstanding your next comment):

> There are two opportunities to block, when the message is received and when
> it is opened.

I thought I saw some mention of this on the list, but I didn't see it in
Doug's draft. If this is the case, how long must the revocation records
be retained? It must be much longer than has been discussed for keys (a
week or so to allow delivery of queued messages). It also requires MUA
participation, and can't of course be done when reading messages offline.
I'm not saying revocation indicators are bad -- I'm still trying to
decide what I think. But I'm concerned they're being oversold a bit.
-Jim