To: keydist@cafax.se
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
Date: Tue, 08 Jan 2002 12:56:09 -0500
In-reply-to: Your message of "Mon, 07 Jan 2002 13:20:33 PST." <p0510100fb85fc0ef41d7@[165.227.249.20]>
Sender: owner-keydist@cafax.se
Subject: Re: From whence we came...
>>>>> "IMC" == IMC <Paul> writes:
    IMC> It appears that this discussion has more-than-tangentially been about
    IMC> passing around those blobs in the DNS protocol. A bare public key can
    IMC> be probably fit in the 512-octet limit that most people put on DNS
    IMC> under UDP; a typical PKIX certificate probably cannot. So the choice
    IMC> of the blob is in fact important for this discussion.

  Yes, that is true. If we want to make this a requirement, then I guess
we should write this down.

  A raw 2048 bit RSA key is
        1 byte (length of exponent)
        exponent - usually 1 byte.
        public key

  So it is 2+256 bytes in length. With overhead, you might even fit
2 public keys in 576, but I'd have to add it up.

  This is the major argument for not doing RR-subtyping - if you can get
precisely what you want back, then you don't have a huge reply, even if
there are two keys due to key rollover.

  If you don't do RR subtyping, then we need a RR for each type of key
that wishes to be stored in DNS. There are about 200 left. Not so many
that we should throw them away frivolously, but not so few that we can't
afford to think about this.

  I think that this is the main issue: do we burn a RR per use. If we do,
then it doesn't matter what goes in - they will have to be documented
separately anyway.

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [
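Adding up the sizes the message leaves open, as an added example (not from the original post or the list): it lays out an RSA public key in the exponent-length / exponent / modulus form of RFC 3110 and totals a UDP DNS reply carrying one KEY RR per key against the 512-octet limit, for a single key and for two keys during rollover. The KEY RR fixed fields (flags, protocol, algorithm per RFC 2535), compressed owner names, the name example.com. and the modulus bytes are assumptions or constructed values.

```python
import struct

def encode_name(name):
    """Wire-format a dotted owner name as length-prefixed labels plus root."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def rsa_public_key_field(exponent, modulus_bits):
    """RFC 3110 layout: exponent length, exponent, modulus (the message's
    '1 byte + ~1 byte + 256 bytes' tally for a 2048-bit key)."""
    e = exponent.to_bytes((exponent.bit_length() + 7) // 8, "big")
    # One length octet if the exponent is shorter than 256 octets,
    # otherwise a zero octet followed by a two-octet length.
    prefix = bytes([len(e)]) if len(e) < 256 else b"\x00" + struct.pack(">H", len(e))
    modulus = b"\xa5" * (modulus_bits // 8)  # constructed placeholder modulus bytes
    return prefix + e + modulus

def response_size(qname, key_fields, key_rr_fixed=4):
    """Octets in a UDP DNS answer carrying one KEY RR per key field.
    Header 12; question = name + QTYPE + QCLASS; each RR = 2 (compressed
    owner pointer) + 2 type + 2 class + 4 TTL + 2 RDLENGTH + the KEY RR
    fixed fields (flags 2, protocol 1, algorithm 1; assumed) + key field."""
    question = len(encode_name(qname)) + 4
    records = sum(12 + key_rr_fixed + len(k) for k in key_fields)
    return 12 + question + records

def fits_in_udp(size, limit=512):
    """Does the reply stay within the classic 512-octet UDP DNS limit?"""
    return size <= limit

if __name__ == "__main__":
    one = rsa_public_key_field(3, 2048)
    print(len(one))                                       # 258
    single = response_size("example.com.", [one])
    rollover = response_size("example.com.", [one, one])  # two keys during rollover
    print(single, fits_in_udp(single))                    # 303 True
    print(rollover, fits_in_udp(rollover))                # 577 False
```

Two 2048-bit keys overrun 512 octets even before RR overhead (2 × 258 = 516), so a rollover reply needs a larger transport or a narrower query, which is the RR-subtyping trade-off the message describes.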