On Thu, Sep 10, 2015 at 04:20:20PM -0000, John Levine wrote:

> >The hash does not make it to the mail server. It is only used in DNS
> >to find the public key. The recipient name is NOT changed.
>
> Here, I think we agree. In a partitioned mail system (which is not
> limited to the largest ones), all of the partitions would have to
> export all the keys to one monolithic database. That's what I mean by
> scaling badly -- the techniques which work fine to scale up mail
> systems don't work here.

Without taking a stand on the overall design, I don't agree with the
above objection. There is no new requirement for a single database.
The hash keyspace can be partitioned in exactly the same way as the
recipient address keyspace.

What does change is that the partitions responsible for user addresses
would need to publish hashes to the corresponding server for the hash
in question.

--
Viktor.