ietf-mailsig

Re: revised Proposed Charter

2005-07-27 18:40:40

Andrew Newton wrote:

On Jul 27, 2005, at 5:40 PM, Dave Crocker wrote:

 1) Section 9.4 doesn't say anything about DNS cache sizes.  Since
 caches are a huge part of the robustness of DNS, I think it is
 important to mention.

Do you have text that you suggest be included?


Public keys stored in DNS records are much larger than DNS records used for address lookup and other typical DNS usages. Caching DNS resolvers should limit the amount of memory consumed by the cache, and more memory may be necessary to restore caches to their previous effectiveness.

I agree with this, but the difference isn't as great as it might seem at first glance. A query of nebraska._domainkey.cisco.com (TXT) returns a 342-byte result, but www.cisco.com (A) returns 83 bytes and cisco.com (MX) returns 426 bytes. I'm not enough of a DNS geek to know if all that data is stored in the cache. It seems like the difference isn't orders of magnitude.

This was the main reason that the shorter DNS records used by IIM for key verification were less of an advantage than we at first thought.

-Jim
