Larry Seltzer: DomainKeys is good

Gosh. Two posts linking to Larry in one day? People will talk...

Larry's article is a well-argued case for Yahoo! DomainKeys. In summary:

• Yahoo! is playing nice about suggested changes
• It's also playing nice about IP licensing
• The crypto burden isn't as onerous as it's cracked up to be

I agree with him that the CPU burden shouldn't be an issue. Anyone who's worked with well-designed large-scale email for long enough realises that the bottlenecks are to with disk I/O, not CPU horsepower. Unfortunately, most Exchange boxen quake at the thought of additional CPU load...

However, there are other burdens of crypto approaches, which are more to do with key generation, key management, and cache coherency. None of this is rocket science, but it could impose significant "friction" to impede adoption.

As I also said in that eSeminar, there's room for more than one authentication scheme. Indeed Meng Wong argues that, as things stand, we need both SPF/SenderID and DomainKeys, in order to cover all the corner cases.

But there are other reasons to love SPF more than DomainKeys. I mean, what's not to love about a developer who confesses that he "remains very shy with girls" and looks like this? ;-)