

To: dnssec@cafax.se
Cc: bmanning@isi.edu (Bill Manning)
From: Bill Manning <bmanning@isi.edu>
Date: Tue, 17 Sep 2002 09:42:44 -0700 (PDT)
Sender: owner-dnssec@cafax.se
Subject: key length & fragmentation

resend from last week.


        putzing about with keys of various lengths shows that
        when keys are over a certain size, UDP fragmentation sets
        in.  In some cases, it is possible to actually get rollover
        to TCP (although this seems to be a corner case).

        now I've been told that UDP fragmentation can be a bad thing,
        leading to all sorts (well some kinds anyway) of odd 
        operational failures that are hard to debug.  UDP failure
        and rolling over to TCP is also considered a bad thing.

        so this question, "should key lengths be selected to 
        avoid fragmentation/TCP use?"

        if so, why?
        if not, why not?


-- 
--bill
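
Added example, not part of the original message: a size estimate showing where a key-set response stops fitting in one UDP datagram as RSA key length grows. It assumes the DNSKEY/RRSIG wire layout (RFC 4034) with RSA keys encoded per RFC 3110, an IPv4 path with a 1500-byte MTU, and a constructed zone `example.com.` holding two keys and one signature; all function names are hypothetical.

```python
# Added example: estimates, not measurements. Sizes follow the DNSKEY/RRSIG
# wire layout (RFC 4034) with RSA keys encoded per RFC 3110 (assumptions).
IPV4_UDP_OVERHEAD = 20 + 8      # IPv4 header (no options) + UDP header
RR_FIXED = 2 + 2 + 2 + 4 + 2    # compressed owner name, type, class, TTL, rdlength
OPT_RR = 11                     # EDNS0 OPT pseudo-record with empty rdata

def name_len(name):
    """Uncompressed wire length of a domain name."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return sum(1 + len(l) for l in labels) + 1

def dnskey_rr(bits, exponent=65537):
    """Size of one DNSKEY record carrying an RSA key of the given modulus size."""
    exp_len = (exponent.bit_length() + 7) // 8
    key = (1 if exp_len <= 255 else 3) + exp_len + bits // 8
    return RR_FIXED + 4 + key   # flags(2) + protocol(1) + algorithm(1) + key

def rrsig_rr(bits, signer):
    """Size of one RRSIG record; an RSA signature is as long as the modulus."""
    return RR_FIXED + 18 + name_len(signer) + bits // 8

def response_size(zone, key_bits, signing_bits, edns=True):
    """DNS message size for a key query answered with keys plus signatures."""
    size = 12 + name_len(zone) + 4          # header + question
    size += sum(dnskey_rr(b) for b in key_bits)
    size += sum(rrsig_rr(b, zone) for b in signing_bits)
    return size + (OPT_RR if edns else 0)

def classify(size, udp_limit=512, mtu=1500):
    """udp_limit: 512 without EDNS0, else the buffer size the client advertised."""
    if size > udp_limit:
        return "truncated, retry over TCP"
    if size + IPV4_UDP_OVERHEAD > mtu:
        return "UDP, fragmented"
    return "UDP, single datagram"

if __name__ == "__main__":
    zone = "example.com."   # constructed zone: two keys, one signature
    for bits in (512, 1024, 2048, 4096):
        keys, signers = [bits, bits], [bits]
        plain = response_size(zone, keys, signers, edns=False)
        edns = response_size(zone, keys, signers, edns=True)
        print(bits, plain, classify(plain), "|", edns, classify(edns, udp_limit=4096))
```

Under these assumptions the 1024-bit set fits the classic 512-byte limit, the 2048-bit set needs EDNS0 to avoid TCP, and the 4096-bit set fragments even with EDNS0.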
