ietf-mailsig
[Top] [All Lists]

Re: QUERY: Key Server Choices

2005-07-27 11:46:50


On Tue, 26 Jul 2005, wayne wrote:

What are your reasons for considering HTTP to be heavy-weight protocol?

I dunno about Mike, but I consider HTTP to be heavy-weight because an
HTTP GET transaction will likely be as costly in terms of both
bandwidth and latency as an SMTP transaction.

HTTP GET is one transaction, SMTP is multiple ones.
SMTP involves entire email message data which can arbitrary large in size, where as public key or certificate retrieval is fairly fixed size data, smaller then almost any email message.

I also think that there will be resistance by many mail admins and MTA
authors to adding in complete support for HTTP on their mail boxes.

How many unix systems do you know that don't have wget or equivalent?
Wget also comes as a library and there are at least 3 more libraries available that do same thing. All such libraries just to get the data
are pretty small compared to real mail server. Adding support for simply
getting data out of HTTP is really not that hard (HTTP server is another
matter, but we have that well covered as well).

And, yeah, I expect that if you are going to allow HTTP, you will need
to do fairly complete HTTP support because people *will* expect things
like redirects to work.

Supporting redirect is not particularly hard, but if redirects is a
problem you can easily specify subset of HTTP that is expected to be supported for purpose of public key or certificate retrieval.

Do you also consider SMTP or LDAP to be heavy-weight?

That depends on the context. Many people also consider SMTP
call-backs for SMTP transactions to be too heavy-weight.

I don't think SMTP call-backs is quite the same thing. To be fair,
I also don't think its quite that heavy-weight either (and many
do use it and it works for them, so clearly it can be used).

--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net

<Prev in Thread] Current Thread [Next in Thread>