ietf-mailsig

Re: [ietf-dkim] Re: Replay attacks, what's that?

2005-08-07 01:56:30
On Sun, 2005-08-07 at 08:06 +0100, Tony Finch wrote:
On Sat, 6 Aug 2005, Douglas Otis wrote:

User-keys in DNS could have a significant impact on DNS traffic.  When
compared to the overall traffic carried by the messages, this would
represent just a percentage of increase.  But when considering the
impact on DNS cache, the effects could be far greater.  Perhaps one
solution for protecting the DNS cache would be to severely limit any TXT
or KEY record's TTL.  However, short TTLs for user-keys AND domain-keys
would impact the overall performance of email, as every operation would
likely suffer a DNS lookup, with perhaps an increase in the already high
DNS response loss rate.  With long time-outs and damage to DNS cache,
the effect that user-keys may have on DNS could be damaging other
applications as well.

DNS performance depends on the caching of NS records, not leaf records,
so forcing short TTLs on DKIM records won't have much impact.

Increasing the amount of DNS traffic will impact the time required to
obtain any requisite DNS record for any application.  I was attempting
to include both possible strategies, one with a higher level of DNS
traffic when key records bypass the DNS cache as a reaction to user-key
use, or one where the DNS cache may be unable to accommodate the
resulting orders of magnitude increase in resource record data.  Again,
I think this requires study.  The traffic generated by user-keys in DNS
would be further increased when the DNS cache is bypassed for just these
records.

-Doug

_______________________________________________
ietf-dkim mailing list
ietf-dkim(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/ietf-dkim
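The two positions in this exchange (Tony: leaf-record caching barely matters; Doug: an orders-of-magnitude increase in key records could crowd a resolver's cache and hurt other applications) can be put side by side in a small simulation. The following is an added example, not code from either poster or from the DKIM project. Everything in it is constructed: the signing domains, the mailbox counts, the background names standing in for "other applications", the cache size, and the per-user owner-name form `<user>.<selector>._domainkey.<domain>`, which is a hypothetical illustration (only the per-domain form `<selector>._domainkey.<domain>` is the DKIM convention). TTLs are ignored on purpose so that the effect of record *count* alone is visible.

```python
"""Toy model of resolver cache pressure from DKIM public-key records.

Compares a per-domain layout (one selector record per signing domain)
with a hypothetical per-user layout (one record per mailbox) against a
fixed-size LRU cache that other applications' lookups also share.
"""
import random
from collections import OrderedDict


class LRUCache:
    """Minimal LRU cache standing in for a recursive resolver's record cache."""

    def __init__(self, capacity):
        self.capacity = capacity
        self.entries = OrderedDict()

    def lookup(self, name):
        """Return True on a hit; on a miss insert the name, evicting the LRU entry."""
        if name in self.entries:
            self.entries.move_to_end(name)
            return True
        self.entries[name] = True
        if len(self.entries) > self.capacity:
            self.entries.popitem(last=False)
        return False


def key_owner_name(domain, user, per_user_keys, selector="s1"):
    """Owner name a verifier would query for the signer's public key.

    The per-domain form follows DKIM's <selector>._domainkey.<domain>
    convention; the per-user form is a constructed illustration only.
    """
    if per_user_keys:
        return f"{user}.{selector}._domainkey.{domain}"
    return f"{selector}._domainkey.{domain}"


def simulate(per_user_keys, n_domains=50, users_per_domain=200,
             n_background_names=800, n_messages=20000, capacity=1000, seed=7):
    """Run a constructed message stream through a shared LRU cache.

    Each verified message costs one key lookup; each message is paired with
    one unrelated lookup (constructed background names) so that eviction of
    other applications' records is visible. Returns hit rates for both.
    """
    rng = random.Random(seed)  # fixed seed keeps the run reproducible
    cache = LRUCache(capacity)
    domains = [f"d{i}.example" for i in range(n_domains)]
    background = [f"host{i}.other.example" for i in range(n_background_names)]
    key_hits = bg_hits = 0
    for _ in range(n_messages):
        domain = rng.choice(domains)
        user = f"u{rng.randrange(users_per_domain)}"
        if cache.lookup(key_owner_name(domain, user, per_user_keys)):
            key_hits += 1
        if cache.lookup(rng.choice(background)):
            bg_hits += 1
    distinct = n_domains * (users_per_domain if per_user_keys else 1)
    return {
        "key_hit_rate": key_hits / n_messages,
        "background_hit_rate": bg_hits / n_messages,
        "distinct_key_records": distinct,
    }


if __name__ == "__main__":
    for label, flag in (("per-domain keys", False), ("per-user keys", True)):
        r = simulate(per_user_keys=flag)
        print(f"{label:16s} records={r['distinct_key_records']:6d} "
              f"key hit rate={r['key_hit_rate']:.2f} "
              f"background hit rate={r['background_hit_rate']:.2f}")
```

With these constructed parameters the per-domain layout needs 50 records, which all stay resident, so both the key lookups and the unrelated lookups almost always hit. The per-user layout needs 10,000 records competing for 1,000 cache slots: most key lookups miss, and the unrelated names are evicted often enough that their hit rate drops well below the per-domain case, which is the cross-application effect Doug describes. Whether real resolver caches behave this way under real mail volumes is exactly the study he asks for; the model only shows that record count, not TTL, is the variable doing the work here.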
