spf-discuss

Re: Attacking Domain Keys

2004-11-29 20:51:53

On Nov 29, 2004, at 7:58 PM, Seth Goodman wrote:

From: David Woodhouse
Sent: Monday, November 29, 2004 6:33 PM


On Mon, 2004-11-29 at 18:14 -0600, Seth Goodman wrote:
Microsoft and Yahoo have resources that the average site does not.
Not everybody can afford IronPort boxes or specialized MTA
software like yours.

Er, yeah -- but not everybody would _need_ it either.

Some people in the middle will get pushed over the edge by the extra load.

Well your choices are manifold:

1) Don't check or sign DK if you don't believe in it.
2) Make the implementation in your MTA faster.
3) Find someone and encourage them to make the implementation in your MTA faster.

Crypto accelerators would obviously solve the problem.  As a hardware
engineer who works with DSP's, I would personally benefit from
an expanded market for such accelerators.  Designing them is both
enjoyable and profitable for me.  However, as an Internet citizen,
I would not like to see that become part of the price of admission
for email.

It wouldn't be. Mail servers aren't generally CPU-bound and wouldn't
become so with DK. This really isn't a problem.

So say the DK proponents, but the Sendmail data says otherwise.  Please
explain how the throughput was reduced to approximately half with short
messages unless that mail server was CPU-bound. The only additional I/O for
the DK authentication is a single DNS query.

Have you even looked at their code? They write a copy of the message to disk for signing. And local DNS queries, while fast, are still expected to be in the 'couple millisecond' range. Honestly, there's very little you can do with a message that won't push you into the 'several milliseconds' performance hit.

If you're receiving 25 million spam mails per day (their single machine, 1k message size verification numbers), you can hopefully afford to invest in the extra $500 machine necessary to take you back to 50 million spams per day. For instance, your bandwidth costs for sustaining this will dwarf your hardware costs. You're exaggerating the cost rather ridiculously and so I suspect you have another motive for advancing these arguments.

George

