[ietf-dkim] Re: Replay attacks, what's that?

Tony Finch dot at dotat.at
Sun Aug 7 00:06:17 PDT 2005


On Sat, 6 Aug 2005, Douglas Otis wrote:
>
> User-keys in DNS could have a significant impact on DNS traffic.  When
> compared to the overall traffic carried by the messages, this would
> represent just a percentage of increase.  But when considering the
> impact on DNS cache, the effects could be far greater.  Perhaps one
> solution for protecting the DNS cache would be to severely limit any TXT
> or KEY record's TTL.  However, short TTLs for user-keys AND domain-keys
> would impact the overall performance of email, as every operation would
> likely suffer a DNS lookup, with perhaps an increase in the already high
> DNS response loss rate.  With long time-outs and damage to DNS cache,
> the effect that user-keys may have on DNS could be damaging other
> applications as well.

DNS performance depends on the caching of NS records, not leaf records,
so forcing short TTLs on DKIM records won't have much impact.

Tony.
-- 
f.a.n.finch  <dot at dotat.at>  http://dotat.at/
BISCAY: WEST 5 OR 6 BECOMING VARIABLE 3 OR 4. SHOWERS AT FIRST. MODERATE OR
GOOD.

