ietf-mailsig

Re: Replay attacks and ISP business models

2005-08-05 01:39:15

william(at)elan.net wrote:

> On Fri, 5 Aug 2005, Tony Finch wrote:
>
>> On Fri, 5 Aug 2005, william(at)elan.net wrote:
>>
>>> The problem is those user keys. Yes, you could use that, but it's
>>> incredibly bad for DNS stability (this comes back to the whole point
>>> that public keys in DNS are bad and user public keys make it 10x worse),
>>> whereas simple A lookups based on a unique id in the signature are fairly
>>> low overhead (but it does mean an extra DNS lookup).
>>
>> How unique? Per-domain? Per-user? Per-message? The latter is much worse
>> than per-user keys.
>
> It's more or less up to the message signer, if a unique id is there, what
> that unique id is common for. BTW, why do you think per-message keys are
> much worse (assuming that the settings are such that results are not to be
> cached)? In my view it can't be any worse than using a DNSBL, and that
> seems to be working OK with multiple lists tested for every received
> message.

I'm sorry, but I have a real hard time seeing how one can cry about the
sky falling wrt the prospects of some domains in the future delegating
large numbers of selectors while on the other hand saying that per-message
lookups to the home domain from every receiver will not. At the very
least, you can't have it both ways.

      Mike
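The load question argued in this exchange, as an added example that is not from the thread or from any of its participants: a toy resolver-cache simulation that counts how many queries actually reach the signer's name servers when every verifier looks up a per-domain selector key, a per-user key, or a per-message unique id. The record-name shapes (`<selector>._domainkey.<domain>` and the two `_userkey` / `_msgid` labels), the TTL and the message stream are constructed assumptions for illustration, not a specification.

```python
"""Added example (not from the ietf-mailsig thread): how lookup granularity
interacts with resolver caching.

A per-message unique id is, by construction, never seen twice, so every
verification sends a fresh query to the signer's DNS regardless of TTL.
Per-domain and per-user names repeat, so a caching resolver absorbs most of
the load. Record-name shapes and the message stream below are invented.
"""

import random


def lookup_name(msg, granularity):
    """DNS name a verifier would query under a hypothetical naming scheme."""
    domain = msg["domain"]
    if granularity == "domain":
        return f"{msg['selector']}._domainkey.{domain}"   # one key per selector
    if granularity == "user":
        return f"{msg['user']}._userkey.{domain}"        # hypothetical per-user key
    if granularity == "message":
        return f"{msg['msgid']}._msgid.{domain}"         # hypothetical per-message id
    raise ValueError(f"unknown granularity: {granularity}")


class TtlCache:
    """Minimal positive-answer cache: name -> expiry time (seconds)."""

    def __init__(self, ttl):
        self.ttl = ttl
        self.expiry = {}
        self.hits = 0
        self.misses = 0

    def resolve(self, name, now):
        """Return True on a cache hit; on a miss, record the answer with TTL."""
        exp = self.expiry.get(name)
        if exp is not None and exp > now:
            self.hits += 1
            return True
        self.misses += 1                 # a query goes to the authoritative server
        self.expiry[name] = now + self.ttl
        return False


def make_stream(n_messages, n_domains, users_per_domain, seconds, seed=1):
    """Constructed message stream: random sender domain/user, unique msgid."""
    rng = random.Random(seed)
    msgs = []
    for i in range(n_messages):
        msgs.append({
            "t": rng.uniform(0, seconds),
            "domain": f"d{rng.randrange(n_domains)}.example",
            "selector": "s1",
            "user": f"u{rng.randrange(users_per_domain)}",
            "msgid": f"m{i:08x}",        # unique per message, never repeats
        })
    msgs.sort(key=lambda m: m["t"])
    return msgs


def simulate(msgs, granularity, ttl=3600):
    """Replay the stream through one caching resolver; return query counts."""
    cache = TtlCache(ttl)
    for m in msgs:
        cache.resolve(lookup_name(m, granularity), m["t"])
    return {"queries_sent": cache.misses, "cache_hits": cache.hits}


def compare(msgs, ttl=3600):
    """Queries reaching the signer's DNS for each lookup granularity."""
    return {g: simulate(msgs, g, ttl)["queries_sent"]
            for g in ("domain", "user", "message")}


if __name__ == "__main__":
    stream = make_stream(10_000, n_domains=50, users_per_domain=200, seconds=3600)
    print("ttl=3600:", compare(stream, ttl=3600))
    print("ttl=0   :", compare(stream, ttl=0))   # 'results not to be cached'
```

With a one-hour TTL the per-domain case costs roughly one query per signing domain, the per-user case one per active user, and the per-message case one per message; with TTL 0 (the "not to be cached" setting raised above) all three collapse to one query per message, which is the symmetry Mike's reply points at.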
