On 1/6/25 3:42 AM, Richard Clayton wrote:
> In message <[email protected]>, Michael
> Thomas <[email protected]> writes
>
>>    There is something of an advantage of writing
>>    one DKIM-Signature instead of two or more since signing is the
>>    expensive operation. Having some new tags and/or new headers to
>>    sign is pretty trivial in comparison to rolling out something
>>    "new".
>
> No !! ... the expensive operation is checking signatures since "much"
> email contains two DKIM1 signatures and "some" email contains dozens
> (sometimes hundreds) of DKIM1 signatures.  You will note that the
> proposed DKIM2 scheme requires the receiver to check one signature only
> if the email arrives direct from the sender and just two in every other
> case....

RSA verify operations are about an order of magnitude cheaper than signing, iirc. But even 20 years ago, I was surprised that the expense of doing the signing and verifying was so little in comparison to the rest of processing messages -- especially incoming. That was 20 years ago, so compute has only gotten cheaper since then. If we update the cipher suite to include ECC, it would be cheaper yet.

And 100's of signatures? How does that happen? Sounds like a mail loop. Hardly something to base anything on. Even dozens sounds unlikely in the extreme. And DKIM doesn't have anything to say about how many you need to evaluate in the first place. That's up to the receiver.

> ... so having a flow where one is able to ignore DKIM1 altogether and
> work with just DKIM2 (where options that no-one uses are removed and
> over-signing is eluded out) simplifies code bases considerably (and at
> the billions scale we do not heat up the planet so much).

As I've said elsewhere, it's not clear that the base DKIM mechanism needs to change for several of the bullets in the charter so we shouldn't jump to conclusions. Keeping backward compatibility ensures that things don't change for those not interested in upgrading. It also cuts down on the number of signatures which you seem to be concerned about.


> In the short term I expect that senders will sign with both DKIM1 and
> DKIM2 but since 90% (or whatever it is) of the world's mailboxes will be
> accepting DKIM2 as early adopters (because of the gains it gives them)
> it would make sense (and save power) to skip the DKIM1 signature on a
> per recipient basis.

90%? Where does that number come from? Good luck getting $corpro to upgrade anything any time soon. IPv6 has lots of lessons to inform the likelihood of adoption. Forklift upgrades are generally DOA.

Mike
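
The relative cost of signing and verifying that this thread argues over can be measured directly. The following is an added example, not code from either poster or from any DKIM implementation: it times RSA PKCS#1 v1.5 with SHA-256 using only Go's standard library and reports how many verifications take as long as one signing. The 2048-bit key size, the constructed digest and the names `Cost`, `BreakEven` and `MeasureRSA` are assumptions.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"time"
)

// Constructed sample standing in for the hash over the signed header fields.
var digest = sha256.Sum256([]byte("from:a@example.org\r\nsubject:constructed\r\n"))

// Cost is the mean wall-clock time of one sign and one verify operation.
type Cost struct{ Sign, Verify time.Duration }

// BreakEven is how many verifications take as long as one signing operation.
func (c Cost) BreakEven() float64 { return float64(c.Sign) / float64(c.Verify) }

// MeasureRSA times PKCS#1 v1.5 with SHA-256 (DKIM's rsa-sha256), n runs each.
// ok is false if key generation, signing or any verification fails.
func MeasureRSA(bits, n int) (c Cost, ok bool) {
	key, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return c, false
	}
	var sig []byte
	start := time.Now()
	for i := 0; i < n; i++ {
		if sig, err = rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:]); err != nil {
			return c, false
		}
	}
	c.Sign = time.Since(start) / time.Duration(n)
	start = time.Now()
	for i := 0; i < n; i++ {
		if rsa.VerifyPKCS1v15(&key.PublicKey, crypto.SHA256, digest[:], sig) != nil {
			return c, false
		}
	}
	c.Verify = time.Since(start) / time.Duration(n)
	return c, true
}

func main() {
	c, ok := MeasureRSA(2048, 100)
	fmt.Printf("ok=%v sign=%v verify=%v; one signing ~ %.0f verifications\n",
		ok, c.Sign, c.Verify, c.BreakEven())
}
```

The absolute numbers depend on the machine and Go version; the break-even count is the figure to compare against the number of signatures a receiver actually evaluates per message.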

