Re: [dane] Start of WGLC for draft-ietf-dane-openpgpkey - *please* review.

[Viktor Dukhovni <ietf-dane@dukhovni.org>]

On Wed, Feb 25, 2015 at 01:41:19PM -0800, Brian Dickson wrote:

> There are implications to DNS resolution & caching, if you consider stub,
> recursive, and authoritative actors. It may be the case that multiple
> queries need to be done by the stub, regardless of approach. However, if
> policy discovery involves looking up a single common record per DNS zone
> (e.g. rhs of email address), then this is cacheable and reduces both the
> size of the publishing zone, as well as the number of queries by the
> recursive to the authoritative, per client query.

If by RHS of email address you mean the domain part (the local part
being the LHS), then indeed designs are possible where the case
folding rules are published via a single per-domain key.

However, this does not substantively impact the scalability of DNS
caching, by which I mean that the number of cache entries is
increased by a factor of two rather than some much larger factor.

> _casefolding RRTYPE RDATA as a way of allowing the zone owner to publish
> all the case-folding rules for the zone, and require the client to use this
> to discover the canonical (published) owner name for a given email address.

This complicates the client code, but avoids the factor of two in
the number of cached records.  We would still however need O(10e9)
records in zones like gmail.com.  The only way to eliminate that
problem is to do per-user lookups via an online query service (whose
location is published via DNS) rather than finding users directly
in DNS.

-- 
	Viktor.