[ietf-dkim] Re: Replay attacks and ISP business models
Douglas Otis
dotis at mail-abuse.org
Fri Aug 5 03:19:06 PDT 2005
>
> On Aug 5, 2005, at 10:23 AM, Michael Thomas wrote:
>
>> william(at)elan.net wrote:
>>
>>> On Fri, 5 Aug 2005, Tony Finch wrote:
>>>
>>> It's more or less up to the message signer if a unique id is there
>>> what that unique id is common for. BTW - why do you think per-message
>>> keys are much worse (assuming that the settings are such that results
>>> are not to be cached)? In my view it can't be any worse than using
>>> DNSBL, and that seems to be working ok with multiple lists tested
>>> for every received message.
>>>
>>
>> I'm sorry, but I have a real hard time seeing how one can cry
>> about the sky falling wrt the prospects of some domains in the
>> future delegating large numbers of selectors while on the other
>> hand saying that per-message lookups to the home domain from
>> every receiver will not. At the very least, you can't have it
>> both ways.
>>
>
> This "bad-list" lookup would have a minor impact as a negative
> result. This lookup would not need to be made when the HELO is
> with the signature's domain. A user-key lookup would likely be
> just as frequent due to DNS cache concerns. At least with the
> revocation-identifier there could be a method to eliminate the
> lookup in most cases. A bad identifier could be safely given a
> long time to live as well.
>
> -Doug