[spf-discuss] Re: Fwd: Automatic key verification / CERT in DNS / RFC4398

2006-04-06 05:38:49
On Wed, 5 Apr 2006 20:03:36 -0500, Brad Knowles said:

      I haven't looked that closely into DKIM, but I'll take you at 
your word with regard to the weaknesses you describe.  However, this 
doesn't mean that these weaknesses can't be fixed.

Experience has shown that designing such a protocol is very hard.
After about 8 years of OpenPGP the major problem new implementations
have is the canonization rules. They are really simple with OpenPGP:
trailing white space and line endings are the only things to care
about.  Still there are a lot of discussions about the edge cases.

Now check out the rules for DKIM or, shudder, XMLSIG.  They are really,
really complicated.  Getting the protocol right and writing compatible
implementations will be a major undertaking.  You won't see that in the
next 10 years.

      Yeah, but that's probably 31.999999999999999999999999999 more 
bytes than you're storing in the DNS today (per user), and with tens 
of millions of users in a single flat zone, all that adds up really 
fast.

Please name another reliable directory service.  LDAP is far too heavy
and thus I believe DNS can be made workable for such goals much
easier. 

Do you think splitting the zones up in say us.e.r._pka.example.net
would be helpful?

for the entire domain to tell everyone how to access that web 
server), then we've exchanged DNS server scalability (a subject I 
have some familiarity with and something I care a great deal about) 
for web server scalability (something I know less about, and which I 

And here we know that it works.  Consider all the people using
webmailers or POP3.  No problem at all to serve millions of users.


Shalom-Salam,

   Werner
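
The OpenPGP rule mentioned in the message above (only trailing white space and line endings matter), shown as an added example that is not part of the original message: a Python sketch of the cleartext-signature canonicalization described in RFC 4880, section 7.1. The function names and sample messages are constructed for illustration, and the input is assumed to be the text exactly as it sits between the armor header and the signature line.

```python
import hashlib
import re


def canonicalize_cleartext(text: bytes) -> bytes:
    """Return the bytes that get hashed for an OpenPGP cleartext signature."""
    # Mail transport may deliver CRLF, bare LF or bare CR; treat all as line ends.
    lines = re.split(rb"\r\n|\n|\r", text)
    # Edge case: the line ending directly before the signature armor is not
    # part of the signed text, so exactly one trailing line ending is dropped.
    # A genuinely empty last line (two line endings in a row) is kept.
    if lines and lines[-1] == b"":
        lines.pop()
    # Trailing spaces and tabs are removed; leading and interior
    # white space is significant and stays untouched.
    return b"\r\n".join(line.rstrip(b" \t") for line in lines)


def signed_digest(text: bytes) -> str:
    """SHA-256 over the canonical form (hash choice is an assumption here)."""
    return hashlib.sha256(canonicalize_cleartext(text)).hexdigest()


# Constructed samples: the same message before and after a mail system
# stripped trailing white space and rewrote the line endings.
AS_SENT = b"Hello,  \nworld\t\n"
AS_RECEIVED = b"Hello,\r\nworld\r\n"

if __name__ == "__main__":
    print("raw hashes equal:      ",
          hashlib.sha256(AS_SENT).digest() == hashlib.sha256(AS_RECEIVED).digest())
    print("canonical hashes equal:", signed_digest(AS_SENT) == signed_digest(AS_RECEIVED))
```
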
