[ietf-dkim] Re: How to solve replay with no specification changes
william(at)elan.net
william at elan.net
Wed Aug 10 01:07:49 PDT 2005
On Tue, 9 Aug 2005, Hallam-Baker, Phillip wrote:
...
> It starts off by populating the key values as wildcards:
>
> *.keya._domainkey.example.com TXT "v=aaaaaaaa"
> *.keyb._domainkey.example.com TXT "v=bbbbbbbb"
> etc
...
> This mechanism does not require an excessive number of public key
> entries. It does enforce a per message lookup but that is inevitable in
> a scheme of this type.
If I remember right, DNS caching is done on a per-query basis, which means
the above will result in the public key being duplicated/triplicated/etc. in
every local DNS cache (in fact for every message rather than for every
user); this would be extremely bad for DNS.
> There is a caching implication here of course, but we are talking about
> wildcard lookups here and DNS is already designed to deal with them and
> avoid bad caching.
No, it does not. At least not with many (majority?) of deployed DNS
caching servers.
--
William Leibzon
Elan Networks
william at elan.net
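The caching behaviour under dispute, as an added example that is not part of the thread or of any real resolver: a toy zone with wildcard synthesis on the authoritative side and a recursive cache keyed by (query name, type), which is how conventional caches index answers. RFC 1034 section 4.3.3 specifies that a record synthesized from a wildcard is returned under the query name, so each per-message selector produces its own cache entry carrying a copy of the same key. The zone contents, selector names, TTL and message count are constructed for illustration.

```python
"""Toy model of resolver caching for wildcard-synthesized DNS answers.

Added example for this thread, not code from any real resolver.  The zone
contents, selector names and TTL are constructed.  Per RFC 1034 section
4.3.3 a record synthesized from a wildcard is returned (and therefore
cached) under the query name, so a resolver that has answered for
msg1.keya._domainkey.example.com knows nothing about msg2.keya....
"""
from dataclasses import dataclass, field


@dataclass
class Zone:
    """Authoritative side.  Owner names beginning with '*.' are wildcards."""
    records: dict  # owner name -> TXT rdata

    def lookup(self, qname: str):
        name = qname.lower().rstrip(".")
        if name in self.records:              # exact match wins
            return self.records[name]
        labels = name.split(".")
        # Simplified wildcard synthesis: the closest enclosing '*.' owner
        # matches one or more leftmost labels (RFC 1034 sec. 4.3.3).
        for i in range(1, len(labels)):
            wildcard = "*." + ".".join(labels[i:])
            if wildcard in self.records:
                return self.records[wildcard]
        return None


@dataclass
class CachingResolver:
    """Recursive cache keyed by (qname, qtype), as conventional caches are."""
    zone: Zone
    ttl: int = 3600
    cache: dict = field(default_factory=dict)  # (qname, qtype) -> (rdata, expiry)
    upstream_queries: int = 0

    def resolve_txt(self, qname: str, now: int):
        key = (qname.lower().rstrip("."), "TXT")
        hit = self.cache.get(key)
        if hit is not None and hit[1] > now:
            return hit[0]                      # served from cache
        self.upstream_queries += 1             # cache miss: ask the authority
        rdata = self.zone.lookup(qname)
        if rdata is not None:
            self.cache[key] = (rdata, now + self.ttl)
        return rdata


def simulate(selector_for_message, n_messages: int, now: int = 0):
    """Verify n_messages signed with one key and report the cache cost.

    selector_for_message(i) returns the selector labels used for message i;
    the signing domain's zone holds the single wildcard key record from the
    thread.  Returns (upstream queries, cache entries, distinct key values).
    """
    zone = Zone({"*.keya._domainkey.example.com": "v=aaaaaaaa"})
    resolver = CachingResolver(zone)
    seen = set()
    for i in range(n_messages):
        qname = f"{selector_for_message(i)}._domainkey.example.com"
        seen.add(resolver.resolve_txt(qname, now))
    return resolver.upstream_queries, len(resolver.cache), seen


def per_message(i: int) -> str:
    """Constructed per-message selector under the wildcard (the scheme discussed)."""
    return f"msg{i}.keya"


def fixed(i: int) -> str:
    """Constructed conventional fixed selector, also under the wildcard."""
    return "x.keya"


if __name__ == "__main__":
    print(simulate(per_message, 100))  # 100 upstream queries, 100 cached copies of one key
    print(simulate(fixed, 100))        # 1 upstream query, 1 cache entry
```

The point the simulation makes is that a wildcard saves the zone operator from publishing many records, not the resolvers from fetching them: the cache cannot infer from `msg1.keya...` what `msg2.keya...` would return. The one standardized exception, aggressive use of DNSSEC-validated NSEC/NSEC3 records to synthesize wildcard answers locally (RFC 8198), was specified more than a decade after this thread and requires a signed zone and a validating resolver.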