[ietf-dkim] user level ssp
wietse at porcupine.org
Wed Sep 6 16:38:38 PDT 2006
> The aspect of user-level SSP that concerns me equally is the transaction
> load. When user-level SSP is "turned on", the verifier MUST query for a
> user-level record in addition to the domain-level record. User-level
> queries are not as effectively cached, since these are queries for
> individual addresses, not domains.

Could someone please explain the nature of the problem that would
exist when these (financial) institutions can't selectively add
DKIM signatures to outbound email? Engineering is about balance,
but I haven't heard enough to make the trade off yet.

With per-user records in the DNS, should we not be worried about
brute-force attacks to guess email addresses?

I'm also worried about the implied requirement that a DKIM verifier
would have to do SSP lookups even when a valid first-hand DKIM