[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: How to solve replay with no specification changes

To: "Hallam-Baker, Phillip" <pbaker@xxxxxxxxxxxx>
Subject: Re: How to solve replay with no specification changes
From: "william(at)elan.net" <william@xxxxxxxx>
Date: Wed, 10 Aug 2005 01:07:49 -0700 (PDT)
Cc: IETF-DKIM <ietf-dkim@xxxxxxxxxxxx>, MASS WG <ietf-mailsig@xxxxxxx>
In-reply-to: <>
List-archive: <http://www.imc.org/ietf-mailsig/mail-archive/>
List-id: <ietf-mailsig.imc.org>
List-unsubscribe: <mailto:ietf-mailsig-request@imc.org?body=unsubscribe>
References: <>
Sender: owner-ietf-mailsig@xxxxxxxxxxxx

On Tue, 9 Aug 2005, Hallam-Baker, Phillip wrote:

...

It starts off by populating the key values as wildcards:
	*.keya._domainkey.example.com 	TXT "v=aaaaaaaa"
	*.keyb._domainkey.example.com 	TXT "v=bbbbbbbb"
etc

...

This mechanism does not require an excessive number of public key
entries. It does enforce a per message lookup but that is inevitable in
a scheme of this type.

If I remember right, dns caching is done on per-query basis which means the above will result in public key being duplicated/triplicated/etc in every local dns cache (in fact for every message rather ther for every user), this would be extremely bad for dns.

There is a caching implication here of course, but we are talking about
wildcard lookups here and DNS is already designed to deal with them and
avoid bad caching.

No, it does not. At least not with many (majority?) if deployed dns caching servers.

--
William Leibzon
Elan Networks
william@xxxxxxxx

References:
- How to solve replay with no specification changes
  - From: Hallam-Baker, Phillip

Prev by Date: Design approach to MASS (was Re: [ietf-dkim] On per-user-keying)
Previous by thread: How to solve replay with no specification changes
Next by thread: RE: [ietf-dkim] On per-user-keying
Index(es):
- Date
- Thread