spf-discuss

RE: Attacking Domain Keys

2004-11-29 14:57:11
From: Theo Schlossnagle
Sent: Monday, November 29, 2004 1:49 PM


I don't need to read sendmail's data.

i.e. don't bother me with the facts, my mind's made up?

I would suggest that you do need to read Sendmail's data, as a significant
portion of the planet's email is carried by that MTA.

We have our own implementation and we do not see a two-fold slow
down based on the size of the message.

And the market share of your MTA is what?  There is no doubt your product is
superior to the garden variety MTAs, but that's not what most people use.

You always apply asymmetric encryption to the same size
buffer.  You don't sign the message, or a canonicalization of the
message, you sign a digest of a canonicalization of the message.  So,
the only price that varies based on message size is the cost of
canonicalization and message digestion.  Canonicalization is order(n)
-- about 100 thousand messages per second (which is clearly not a
bottleneck).  This leaves only SHA1 which is damn fast and can easily
be accelerated with hardware if you are one of the few people in the
world that would have this become a bottleneck.

While I agree with the above, you miss the key point.  RSA signature
validation is the expensive step for the recipient.  It has nothing to do
with message size.  However, normal message processing (without DK) does
depend on message size.  That is why it is a problem for large numbers of
short messages for recipients.



In our tests, almost all of the time spent is spent waiting for DNS
resolution.  SPF suffers from this more so than DK.  And SPF on a
rather large scale has not been shown to be a problem.

That is latency as opposed to CPU cycles.  RSA signature validation is a
concern from the standpoint of CPU cycles.

--

Seth Goodman
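
The cost split argued over in this thread, as an added example that is not part of either poster's message: the RSA step always operates on a 20-byte SHA-1 digest, so only canonicalization and hashing grow with message size, while the RSA verification is a fixed charge per message. The seeded demo key, the simplified canonicalization rule, the unpadded textbook RSA and all function names are assumptions for illustration, not the DomainKeys specification or any MTA's code.

```python
import hashlib, random, timeit

def is_probable_prime(n, rng, rounds=20):  # Miller-Rabin
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def make_key(bits=1024, e=65537, seed=2004):  # constructed demo key; real keys need a CSPRNG
    rng, primes = random.Random(seed), []
    while len(primes) < 2:
        c = rng.getrandbits(bits // 2) | (1 << (bits // 2 - 1)) | 1
        if c % e != 1 and c not in primes and is_probable_prime(c, rng):
            primes.append(c)
    p, q = primes
    return p * q, e, pow(e, -1, (p - 1) * (q - 1))

def canonicalize(msg):  # assumed simplified rule: strip trailing whitespace, force CRLF
    return b"".join(line.rstrip() + b"\r\n" for line in msg.splitlines())

def digest_int(msg):
    # O(n) hashing, but the result is always 20 bytes whatever the message size.
    return int.from_bytes(hashlib.sha1(canonicalize(msg)).digest(), "big")

def sign(msg, n, d):
    return pow(digest_int(msg), d, n)  # textbook RSA, no padding (demo only)

def verify(msg, sig, n, e):
    return pow(sig, e, n) == digest_int(msg)  # fixed-cost RSA step

if __name__ == "__main__":
    n, e, d = make_key()
    for size in (1_000, 100_000, 1_000_000):  # constructed message bodies
        msg = (b"constructed body line\r\n" * (size // 23 + 1))[:size]
        sig = sign(msg, n, d)
        h = timeit.timeit(lambda: digest_int(msg), number=20) / 20
        r = timeit.timeit(lambda: pow(sig, e, n), number=20) / 20
        print(f"{size:>9} bytes: digest {h*1e6:9.1f} us, RSA verify {r*1e6:7.1f} us")
```

Run directly, it prints the per-message digest time next to the RSA public-key operation time for three sizes; the absolute numbers reflect interpreted Python, not a production MTA.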

