
[ietf-dkim] Re: How to solve replay with no specification changes

2005-08-10 01:15:13

On Tue, 9 Aug 2005, Hallam-Baker, Phillip wrote:

...

It starts off by populating the key values as wildcards:

        *.keya._domainkey.example.com   TXT "v=aaaaaaaa"
        *.keyb._domainkey.example.com   TXT "v=bbbbbbbb"
etc

...

This mechanism does not require an excessive number of public key
entries. It does enforce a per message lookup but that is inevitable in
a scheme of this type.

If I remember right, DNS caching is done on a per-query basis, which means the above will result in the public key being duplicated/triplicated/etc. in every local DNS cache (in fact for every message rather than for every
user); this would be extremely bad for DNS.

There is a caching implication here of course, but we are talking about
wildcard lookups here and DNS is already designed to deal with them and
avoid bad caching.

No, it does not. At least not with many (the majority?) of deployed DNS caching servers.

--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
_______________________________________________
ietf-dkim mailing list
ietf-dkim(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/ietf-dkim
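The following is an added illustration, not code from the thread or from either participant. It models the point William Leibzon makes above: a resolver cache that is keyed on the exact query name (the usual behaviour) stores one entry for every distinct per-message selector name that matches the wildcard, so the same key data is copied into the cache once per message. The zone contents are constructed to mirror the wildcard layout quoted in the message, the wildcard synthesis is a simplified version of the RFC 4592 rules, and names such as `msgN.keya._domainkey.example.com`, `PerQueryCache` and `simulate` are assumptions made for the example.

```python
"""Toy model of a per-query resolver cache in front of a wildcard TXT zone.

Added example (not from the original thread). It shows that with a cache
keyed on (qname, qtype), every distinct selector name that matches
*.keya._domainkey.example.com produces its own upstream query and its own
cache entry, each carrying a copy of the identical key data.
"""
from dataclasses import dataclass, field

# Constructed zone data mirroring the wildcard layout quoted in the thread.
ZONE = {
    "*.keya._domainkey.example.com": "v=aaaaaaaa",
    "*.keyb._domainkey.example.com": "v=bbbbbbbb",
}


def authoritative_lookup(qname):
    """Return TXT data for qname, synthesising wildcard answers.

    Simplified RFC 4592 behaviour: an exact name wins; otherwise the first
    wildcard found walking from the closest ancestor outward matches.
    Returns None when nothing matches (a negative answer).
    """
    qname = qname.lower().rstrip(".")
    if qname in ZONE:
        return ZONE[qname]
    labels = qname.split(".")
    for i in range(1, len(labels)):
        candidate = "*." + ".".join(labels[i:])
        if candidate in ZONE:
            return ZONE[candidate]
    return None


@dataclass
class PerQueryCache:
    """Resolver cache keyed by (qname, qtype), as deployed caches typically are.

    The cache has no notion that two names were answered from the same
    wildcard, so it cannot share one entry between them.
    """
    entries: dict = field(default_factory=dict)
    upstream_queries: int = 0

    def resolve(self, qname, qtype="TXT"):
        key = (qname.lower().rstrip("."), qtype)
        if key in self.entries:
            return self.entries[key]
        self.upstream_queries += 1
        answer = authoritative_lookup(qname)
        # Negative answers are cached as well (simplified, no TTL handling).
        self.entries[key] = answer
        return answer


def simulate(message_count, cache=None):
    """Resolve one per-message selector name per message.

    Returns (cache, distinct_key_values): the cache after all lookups and the
    set of distinct key strings actually stored, which stays at one even as
    the number of entries grows with the message count.
    """
    cache = cache or PerQueryCache()
    for n in range(message_count):
        cache.resolve(f"msg{n}.keya._domainkey.example.com")
    distinct = {v for v in cache.entries.values() if v is not None}
    return cache, distinct


def redundant_bytes(cache):
    """Bytes of key data held beyond one copy per distinct value."""
    values = [v for v in cache.entries.values() if v is not None]
    return sum(len(v) for v in values) - sum(len(v) for v in set(values))


if __name__ == "__main__":
    cache, distinct = simulate(1000)
    print("cache entries:", len(cache.entries))          # 1000
    print("upstream queries:", cache.upstream_queries)    # 1000
    print("distinct key values:", distinct)              # {'v=aaaaaaaa'}
    print("redundant key bytes:", redundant_bytes(cache))
```

The model deliberately ignores TTLs and the DNS message format; the point it isolates is that cache hits require an identical query name, which a per-message selector never repeats, so the wildcard buys nothing at the cache layer.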
