ietf-mailsig

RE: Will user-keys cause DNS cache to explode?

2005-08-03 09:41:46


On Behalf Of Tony Finch

On Tue, 2 Aug 2005, Hallam-Baker, Phillip wrote:

The DNS cache issue is bogus, you only see the effect if you CHOOSE to turn on verification.

Doug mentioned verification by MUAs, which is not something that a network operator can control, and which will significantly increase the load on DNS caches if it becomes popular. However I think this is a per-site scaling problem (each site may have to upgrade its caches), not a network-wide scaling problem (the DNS won't melt down).

OK that is a reasonable point. However I don't see a sudden spike in DNS usage from MUA use unless we have a situation where all the MUAs in a network suddenly turn on DKIM verification simultaneously.

This is of course possible in certain situations, e.g. corporate IT
rolls out a new client to an entire enterprise or Microsoft sends out a
security patch.

I think this is an argument for a suitably worded caution in the
Security Considerations section. It does not appear to me to be a 'show
stopper' for the protocol architecture.
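The distinction drawn above, between load on a site's own recursive cache and load on the rest of the DNS, can be made concrete with a small replay model. The code below is an added illustration and is not from this thread or from any DKIM implementation: it replays DKIM key lookups (`<selector>._domainkey.<domain>` TXT) through one shared site cache and counts how many queries the cache answers versus how many it must forward upstream. The messages, selectors, `.test` domains, TTL and re-verification timings are all constructed for the example; the assumption that an MUA re-verifies a message each time it is opened is mine, not the thread's.

```python
"""Toy model of what DKIM key lookups cost a site's DNS cache.

Constructed example (not from the ietf-mailsig thread or any DKIM code).
It models one site whose gateway MTA and/or users' MUAs verify DKIM
signatures and counts (a) queries the site's recursive cache answers and
(b) queries it has to forward upstream because the key record is absent
from the cache or its TTL has expired.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Sequence, Tuple

Lookup = Tuple[int, str]  # (time in seconds, query name)


@dataclass(frozen=True)
class Message:
    t: int          # arrival time at the site, seconds
    domain: str     # signing domain (d= tag)
    selector: str   # selector (s= tag)

    @property
    def key_qname(self) -> str:
        # DKIM key record name: <selector>._domainkey.<domain> (TXT)
        return f"{self.selector}._domainkey.{self.domain}"


def gateway_lookups(messages: Iterable[Message]) -> List[Lookup]:
    """One TXT lookup per message, at delivery time, by the site's MTA."""
    return [(m.t, m.key_qname) for m in messages]


def mua_lookups(messages: Iterable[Message],
                view_offsets: Sequence[int]) -> List[Lookup]:
    """One TXT lookup each time the recipient's MUA (re-)verifies a message.
    Assumption: the MUA verifies on every open; view_offsets are the open
    times as seconds after arrival."""
    return [(m.t + off, m.key_qname) for m in messages for off in view_offsets]


def site_cache_load(lookups: Iterable[Lookup], ttl: int) -> Tuple[int, int]:
    """Replay lookups, in time order, through a single shared recursive cache.
    Returns (queries answered by the cache, queries forwarded upstream).
    Upstream traffic is bounded by unique key names x (duration / TTL),
    however many clients at the site ask for the same record."""
    expiry: Dict[str, int] = {}
    answered = forwarded = 0
    for t, qname in sorted(lookups, key=lambda x: x[0]):
        answered += 1
        if expiry.get(qname, -1) <= t:   # absent or expired: go upstream
            forwarded += 1
            expiry[qname] = t + ttl
    return answered, forwarded


# Constructed sample: 30 messages one minute apart, signed by three domains
# (made-up .test names) with one selector each; key records cached for 1 h.
SAMPLE = [Message(60 * i, f"example{i % 3}.test", "sel1") for i in range(30)]
TTL = 3600


def compare(messages: Sequence[Message] = SAMPLE, ttl: int = TTL,
            view_offsets: Sequence[int] = (0, 900, 7200)) -> Dict[str, Tuple[int, int]]:
    """Gateway-only verification versus gateway plus MUAs that re-verify on
    each open (here: at arrival, 15 min later, and 2 h later, past the TTL)."""
    gw_only = site_cache_load(gateway_lookups(messages), ttl)
    with_muas = site_cache_load(
        gateway_lookups(messages) + mua_lookups(messages, view_offsets), ttl)
    return {"gateway_only": gw_only, "gateway_plus_muas": with_muas}


if __name__ == "__main__":
    for name, (answered, forwarded) in compare().items():
        print(f"{name:18s} cache queries={answered:4d} upstream queries={forwarded}")
```

With the constructed sample the site cache answers 30 queries under gateway-only verification and 120 once the MUAs also verify, while upstream queries only rise from 3 to 6, and only because the third open falls outside the record's TTL. That is the shape of the argument in the thread: the extra load lands on the site's cache, which the site can size, while the authoritative side sees little more than it did before.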
