On Wed, 20 Aug 2025, Dave Crocker wrote:
Client signing was clearly out of the question since there's no reasonable
way to manage the signing keys, so if they're not going to sign it makes
sense for them not to verify either.
I do not understand what the key management problem is that you are referring
to. I am guessing the issue has to do with multiple users being able to
access the same private key.
But, of course, there is nothing to prevent each user from having a different
private key, tied to different public key, tied to a different selector.
That sort of administrative freedom was one of the reasons for have
selectors.
To put it mildly, that doesn't scale. The largest zone file I know is
.COM with about 300 million records, not counting DNSSEC signatures. A
key per user at a large site like Gmail or Outlook would be an order of
magnitude larger. You could share keys among users, but then if a user's
account is cancelled or his key is compromised, you have to rekey everyone
sharing the key and that doesn't scale very well either.
I'm pretty sure we talked about all this back when we were doing 6376.
Also, by that point we had realized that spam filtering works a lot better
in the MTA than in the MUA. It can look at lots of mail at once, not just
mail to one user, and have shared dynamically updated criteria. You can
still have per-user criteria, but they're applied in the MTA so, among
other things, all of the user's MUAs see the same results.
Except there is nothing preventing having UAs share assessment data with a
common analysis engine.
Hypothetically I suppose that is true, but if there's a common analysis
engine, it might as well do the filtering so the MUAs don't have to
download copies of all the spam.
R's,
John
_______________________________________________
Ietf-dkim mailing list -- [email protected]
To unsubscribe send an email to [email protected]
