> [mailto:[EMAIL PROTECTED] On Behalf Of Jim Fenton

> william(at)elan.net wrote:
> >
> > On Wed, 6 Sep 2006, Jim Fenton wrote:
> >
> >> The aspect of user-level SSP that concerns me equally is the
> >> transaction load. When user-level SSP is "turned on", the verifier
> >> MUST query for a user-level record in addition to the domain-level
> >> record. User-level queries are not as effectively cached, since
> >> these are queries for individual addresses, not domains.
> >
> > Actually your tree-walking in general is what's most troublesome to me.
> > This is what would cause the most problems and most extra queries and
> > cache misses (I know NXDOMAIN can be cached but don't assume you can
> > rely on it). And I don't think this will fly during last-call and/or
> > when DNS folks see this.
> The tree-walking issue (separate from the user-level SSP)
> issue has concerned me too. The allman-dkim-ssp-02 draft has
> it down to 2 queries
> -- much improved from the previous revision, in part because
> of the use of a separate RR.

The tree walking is definitely a liability to be discarded.

Once tree walking is discarded, however, we have made an incompatible change and we should therefore address the other issues. In particular, the use of punctuation syntax, which is needlessly opaque and error-prone.

Even with a custom RR it will be necessary to have a macro processor to generate wildcard records for existing nodes.

Use of custom RRs will not work with the Windows 2003 DNS server at an acceptable level. The server can be coaxed to emit the data, but it is not possible to enter it using the standard administration interface and the server does not save the custom RR data.

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
