In article <cabugu1pjthmuh33akg1w6cbm_q-rh_qrvtrty_udc7y2cz8...@mail.gmail.com> you write:
>> 9.2 describes the problem, but it's expressed in terms of a DoS attack on
>> (primarily) validators. The DNS folk will be more concerned with the
>> overall load on the infrastructure caused by ARC, not specifically on
>> attack scenarios. So in consulting the DNS directorate, it would be good to
>> mention the operational impact of 9.2.
>>
>> I also wonder if it would be helpful to mitigate the operational impact by
>> saying that AS SHOULD use the same selector as the associated AMS.
>
>I would be opposed to adding the suggestion of this sort of restriction on
>the basis of hypothetical load impacts.

I agree with Kurt here. I would be astonished if the extra load of ARC lookups were even noticeable other than in contrived scenarios.

In typical mail systems, every incoming message provokes a blizzard of DNS lookups in DNSBLs for IP addresses and envelope domains, SPF, DKIM keys, checking whether envelope and header address domains exist, and DNSBL lookups of every domain name in message bodies. ARC is a very slim straw on the back of this particular camel.

I do weird DKIM signatures where every signature has a different selector, often with several signatures per message, and the DNS load is still trivial.

R's,
John
