From: David Woodhouse
Sent: Monday, November 29, 2004 6:33 PM

On Mon, 2004-11-29 at 18:14 -0600, Seth Goodman wrote:

Microsoft and Yahoo have resources that the average site does not.
Not everybody can afford IronPort boxes or specialized MTA
software like yours.

Er, yeah -- but not everybody would _need_ it either.

Some people in the middle will get pushed over the edge by the extra load.

Crypto accelerators would obviously solve the problem. As a hardware
engineer who works with DSP's, I would personally benefit from
an expanded market for such accelerators. Designing them is both
enjoyable and profitable for me. However, as an Internet citizen,
I would not like to see that become part of the price of admission
for email.

It wouldn't be. Mail servers aren't generally CPU-bound and wouldn't
become so with DK. This really isn't a problem.

So say the DK proponents, but the Sendmail data says otherwise. Please
explain how the throughput was reduced to approximately half with short
messages unless that mail server was CPU-bound. The only additional I/O for
the DK authentication is a single DNS query. That would contribute some
latency, but in the steady state, virtually no change in throughput unless
the delays were so long that you became process-bound. Presumably, they set
up their test system so this was not the case. You can't say it is disk
I/O, so where does the slowdown come from if not CPU usage?

We know it takes a few milliseconds of CPU per RSA signature validation,
depending on key length. This amount of overhead just happens to account
for all of the slowdown in their throughput. This is a pretty consistent
story. I don't see how you can continue to assert that this is not a
problem.
--
Seth Goodman