[ietf-dkim] user level ssp
Jim Fenton
fenton at cisco.com
Wed Sep 6 15:44:14 PDT 2006
J.D. Falk wrote:
> On 2006-09-06 10:45, Hallam-Baker, Phillip wrote:
>
>> The main value I see in user level policy is easing phased
>> deployment. If you are a bank with 100,000 employees with email and
>> you want to deploy DKIM you probably want some form of hook that lets
>> you do it in stages.
>
> So they'll have 100,000 SSP records?
>
> Perhaps there's an easier, more flexible, more scalable hook...like
> "we don't sign all mail."
>
There's a subtlety in draft-allman-dkim-ssp-02 that if user-level SSP is
specified but no user-level record is found, it uses the domain-level
SSP. So if there are a few exceptions to the domain-level SSP, you only
need to publish a few. In any case, for your example, no more than
50,000 :-)

The aspect of user-level SSP that concerns me equally is the transaction
load. When user-level SSP is "turned on", the verifier MUST query for a
user-level record in addition to the domain-level record. User-level
queries are not as effectively cached, since these are queries for
individual addresses, not domains.
-Jim
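
The fallback and query-load points in the message above, as an added Python example that is not part of the original message or of draft-allman-dkim-ssp-02. A constructed in-memory zone stands in for DNS; the record keys, policy strings and the `user_level` flag are hypothetical placeholders rather than the draft's syntax, and TTL expiry is ignored.

```python
from collections import Counter

DOMAIN = "bank.example"  # constructed sample domain

# Constructed zone: one domain-level record with user-level SSP turned on,
# and user-level records published only for the two exceptions.
ZONE = {
    ("domain", DOMAIN): {"policy": "signs-all", "user_level": True},
    ("user", "alice@" + DOMAIN): {"policy": "signs-some"},
    ("user", "bob@" + DOMAIN): {"policy": "signs-some"},
}


class CachingResolver:
    """Caches positive and negative answers, keyed by the exact query."""

    def __init__(self, zone):
        self.zone, self.cache, self.stats = zone, {}, Counter()

    def query(self, key):
        kind = key[0]
        if key in self.cache:
            self.stats["hit", kind] += 1
        else:
            self.stats["miss", kind] += 1  # reaches the authoritative server
            self.cache[key] = self.zone.get(key)
        return self.cache[key]


def effective_policy(resolver, address):
    """Domain-level lookup first; the user-level record overrides it if found."""
    domain = address.rsplit("@", 1)[1]
    dom = resolver.query(("domain", domain))
    if dom is None:
        return None
    if dom.get("user_level"):
        # User-level SSP is on: the verifier must also ask per address.
        user = resolver.query(("user", address))
        if user is not None:
            return user["policy"]
    return dom["policy"]  # no user-level record: fall back to the domain


def simulate(n_senders, msgs_each):
    """Verify msgs_each messages from each of n_senders distinct addresses."""
    resolver = CachingResolver(ZONE)
    senders = ["alice@" + DOMAIN, "bob@" + DOMAIN]
    senders += [f"user{i}@{DOMAIN}" for i in range(n_senders - 2)]
    policies = {s: effective_policy(resolver, s)
                for _ in range(msgs_each) for s in senders}
    return policies, resolver.stats
```

With 1,000 distinct senders and one message each, the domain-level query misses the cache once, while every user-level query is a miss, including the 998 that return nothing and fall back to the domain record.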