On Wed, 27 Jul 2005, Douglas Otis wrote:
> Public keys stored in DNS records are much larger than DNS records
>
> While DNS records are larger than average, this does not say much of value.
> How about being a bit more specific, such as:
>
> Due to the above-average resources consumed by public keys, the number of
> separate keys should be kept proportional to what is required to authenticate
> physical sources within the domain. Excessive quantities of these public
> keys in DNS, when employed by an application as ubiquitous as email, may
> negatively impact DNS performance and stability.
While the above is all true, the negative impact on DNS stability is present
with even one public key per domain if the architecture is deployed worldwide.
Multiple DNS keys, or DNS keys for each user, would make these things even
worse (and it would seem many do want per-user keys, and certainly DKIM
allows for it), but using DNS for [large] public key data retrieval is in
fact the core factor in all of that.
--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
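To put numbers on the record-size concern discussed in this thread, here is an added example (not from the thread, nor from any DKIM implementation) that builds a DKIM-style `v=DKIM1; k=rsa; p=...` TXT record around a constructed placeholder RSA modulus and measures the minimal DNS response against the classic 512-byte UDP limit. It assumes the record is published at the hypothetical name `selector._domainkey.example.com` and that no EDNS OPT record is present.

```python
import base64

# Minimal ASN.1 DER helpers, enough to build an RSA SubjectPublicKeyInfo.
def der_len(n):
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b

def der_tlv(tag, body):
    return bytes([tag]) + der_len(len(body)) + body

def der_int(value):
    b = value.to_bytes((value.bit_length() + 7) // 8, "big")
    if b[0] & 0x80:          # keep the INTEGER positive
        b = b"\x00" + b
    return der_tlv(0x02, b)

RSA_OID = bytes.fromhex("06092a864886f70d010101")  # rsaEncryption

def spki_for_modulus_bits(bits, e=65537):
    # Constructed placeholder modulus: top bit set so it is exactly `bits` long.
    # Only the encoded size matters here, not the key's cryptographic value.
    n = (1 << (bits - 1)) | 1
    rsa_pub = der_tlv(0x30, der_int(n) + der_int(e))   # RSAPublicKey
    alg = der_tlv(0x30, RSA_OID + b"\x05\x00")          # AlgorithmIdentifier
    return der_tlv(0x30, alg + der_tlv(0x03, b"\x00" + rsa_pub))

def dkim_txt_rdata(bits):
    """Return (record text, TXT RDATA) for a DKIM key record of the given size."""
    record = "v=DKIM1; k=rsa; p=" + base64.b64encode(spki_for_modulus_bits(bits)).decode()
    raw = record.encode()
    # TXT RDATA is a sequence of <length><chars> strings, each at most 255 octets.
    chunks = [raw[i:i + 255] for i in range(0, len(raw), 255)]
    return record, b"".join(bytes([len(c)]) + c for c in chunks)

def dns_response_size(name, rdata):
    """Bytes on the wire for a minimal one-answer response, no EDNS OPT record."""
    qname = sum(len(label) + 1 for label in name.split(".")) + 1
    # header 12 + question (qname + type/class 4) + answer (name pointer 2 +
    # type/class/ttl/rdlength 10 + rdata)
    return 12 + qname + 4 + 2 + 10 + len(rdata)

if __name__ == "__main__":
    name = "selector._domainkey.example.com"   # hypothetical record name
    for bits in (1024, 2048, 4096):
        size = dns_response_size(name, dkim_txt_rdata(bits)[1])
        print(f"{bits}-bit key: {size} byte response, fits in 512: {size <= 512}")
```

A 4096-bit key already pushes a single-answer response past 512 bytes, so resolvers without EDNS0 fall back to TCP, which is one concrete form of the load the thread is worried about.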