Re: Scalability of keys

From: Dave CROCKER <dhc2_at_dcrocker.net>
Date: Fri, 06 Aug 2010 21:11:28 -0700

On 8/4/2010 12:08 PM, Murray S. Kucherawy wrote:
> The argument against use of DNS, mostly from the DNS operations people, from
> the beginning was twofold: (a) that's not what the DNS is for; and (b) it
> will create undue load on the DNS infrastructure. The first is a religious
> argument, but the second is unknown still as DKIM hasn't got as wide a
> deployment as would be sufficient to gauge its true impact.

The second is also, largely, a religious argument.

There are some specific scenarios that might warrant valid concern, including a
kind of cache pollution for shared caching-only servers, but the DNS is already
servicing a variety of uses and none of the fear-mongers have bothered to offer an
analysis that DKIM's behavior will change things. In all likelihood, the fears
are unwarranted because different kinds of queries will come from different
kinds of queries, with /un/shared client-side caching. (The nice thing about
hand-waving, is that it can support a pro- position just as easily as a con-.)

As for your basic proposal, as long as the namespace and registration scheme
remains the same and the security properties are preserved, there is not
anything wrong with a parallel "transfer" mechanism. But note I said "parallel"
rather than "replacement". That is, a mechanism that is better, but still
supports fallback to the DNS protocol.

d/

-- 
   Dave Crocker
   Brandenburg InternetWorking
   bbiw.net
Received on Sat Aug 07 2010 - 04:11:49 PST
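The DNS-based key retrieval and client-side caching discussed in the message above, as an added example that is not part of the archived thread: it builds the DKIM key query name from the `d=` and `s=` tags of a DKIM-Signature header, parses the `v=DKIM1` TXT record a verifier would fetch, and puts a per-client TTL cache in front of a resolver so the number of upstream queries can be observed. The sample header, the record contents, the `KeyCache` class and the in-memory resolver are all constructed here so the script runs offline; the `p=` value is a placeholder, not a real public key.

```python
"""DKIM key lookup name construction, TXT record parsing and a TTL cache.

Added example, not code from the archived thread. The sample header, the
record and the resolver are constructed here so the script runs offline.
"""
import re
import time

# Constructed sample DKIM-Signature header; bh= and b= are placeholders.
SAMPLE_SIGNATURE = (
    "v=1; a=rsa-sha256; d=example.com; s=sel2010; c=relaxed/relaxed; "
    "h=from:to:subject; bh=placeholderbodyhash=; b=placeholdersignature="
)

# Constructed stand-in for the authoritative zone: name -> (TXT text, TTL).
# The p= value is a placeholder, not a real RSA public key.
SAMPLE_TXT_RECORDS = {
    "sel2010._domainkey.example.com": ("v=DKIM1; k=rsa; p=PLACEHOLDERKEY", 3600),
}


def parse_tags(value):
    """Split a 'tag=value; tag=value' list (used by both the signature
    header and the key record) into a dict, dropping whitespace in values."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags


def key_query_name(signature_header):
    """DNS name a verifier queries: <selector>._domainkey.<signing domain>."""
    tags = parse_tags(signature_header)
    return f"{tags['s']}._domainkey.{tags['d']}"


class KeyCache:
    """Client-side (unshared) TTL cache in front of a resolver.

    upstream_queries counts how many lookups actually left the client,
    which is the quantity the DNS-load argument is about.
    """

    def __init__(self, records, clock=time.monotonic):
        self._records = records  # constructed resolver: dict instead of DNS
        self._clock = clock
        self._cache = {}
        self.upstream_queries = 0

    def _resolve_upstream(self, name):
        self.upstream_queries += 1
        return self._records.get(name)

    def lookup(self, name):
        now = self._clock()
        hit = self._cache.get(name)
        if hit and hit[1] > now:  # still within TTL: no upstream query
            return hit[0]
        answer = self._resolve_upstream(name)
        if answer is None:
            return None
        txt, ttl = answer
        self._cache[name] = (txt, now + ttl)
        return txt


def fetch_key(cache, signature_header):
    """Resolve and parse the key record for a signature; None if absent or
    not a usable DKIM1 record (no p= tag)."""
    name = key_query_name(signature_header)
    txt = cache.lookup(name)
    if txt is None:
        return None
    record = parse_tags(txt)
    if record.get("v", "DKIM1") != "DKIM1" or "p" not in record:
        return None
    return record


if __name__ == "__main__":
    cache = KeyCache(SAMPLE_TXT_RECORDS)
    for _ in range(3):  # three messages from the same signer
        fetch_key(cache, SAMPLE_SIGNATURE)
    print("upstream queries:", cache.upstream_queries)
```

With the default monotonic clock, three verifications of mail from the same selector cost one upstream query; the cache only goes back to the resolver once the record's TTL has elapsed, so a signer's choice of TTL, not the number of messages, drives the query rate from a given client.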
