To: dnssec@cafax.se
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
Date: Wed, 18 Sep 2002 21:03:43 -0400
In-reply-to: Your message of "Wed, 18 Sep 2002 17:28:25 PDT." <200209190028.g8J0SP511548@boreas.isi.edu>
Sender: owner-dnssec@cafax.se
Subject: Re: key length & fragmentation
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Bill" == Bill Manning <bmanning@isi.edu> writes:
Bill> Correct, key length has nothing to do w/ EDNS UDP buffer size.
Bill> -HOWEVER- if the key length(s) needed to fit into a 512 byte
Bill> message (presume 3 keys) (( going for the LCD here so don't fuss ))
Bill> may leave us with key lengths that are too short to be worth the
Bill> cycles to generate them. Too easy to break and so we engender
Bill> a false sense of integrity.
Bill> The tradeoff is "strong enough" keys vs fragmentation vs TCP.
Bill> More evaluation is needed to make the tradeoff.
Yes.
But, let's be a bit forward looking.
IPv6 gives us 1280 byte minimum MTU. I'd say that we should design to this
number, not 576.
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Finger me for keys
-----END PGP SIGNATURE-----
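Added example, not part of the original message: a size model for the tradeoff discussed in this thread, computing how large three RSA keys can be before a DNS reply exceeds 512 bytes or the UDP payload of a 1280-byte IPv6 packet. The zone name, the exponent 65537, the 64-bit step and the choice to count one signature per reply are assumptions made for illustration.

```python
# Added example: size of a DNS response carrying RSA KEY records.
# Layout constants follow RFC 1035 (message, RR) and RFC 3110 (RSA key).
# Assumptions: zone name, exponent 65537, owner names compressed to a
# 2-byte pointer, signer name uncompressed, no other records in the reply.
DNS_HEADER = 12              # fixed message header
RR_FIXED = 2 + 10            # owner pointer + type, class, TTL, rdlength
KEY_FIXED = 4                # flags(2) + protocol(1) + algorithm(1)
SIG_FIXED = 18               # SIG fields that precede the signer name
OPT_RR = 11                  # EDNS0 OPT pseudo-record with empty RDATA
IPV6_MIN_MTU = 1280
IPV6_UDP_PAYLOAD = IPV6_MIN_MTU - 40 - 8   # minus IPv6 and UDP headers


def name_wire_len(name):
    """Uncompressed wire length: one length byte per label plus the root."""
    labels = [lab for lab in name.rstrip(".").split(".") if lab]
    return sum(1 + len(lab) for lab in labels) + 1


def rsa_key_rdata_len(modulus_bits, exponent=65537):
    exp_len = (exponent.bit_length() + 7) // 8
    prefix = 1 if exp_len <= 255 else 3      # RFC 3110 exponent-length field
    return KEY_FIXED + prefix + exp_len + (modulus_bits + 7) // 8


def response_size(zone, key_bits, sig_bits=(), edns=False):
    """Bytes in a reply holding the given keys plus optional RSA signatures."""
    size = DNS_HEADER + name_wire_len(zone) + 4   # question: name, type, class
    size += sum(RR_FIXED + rsa_key_rdata_len(b) for b in key_bits)
    size += sum(RR_FIXED + SIG_FIXED + name_wire_len(zone) + (b + 7) // 8
                for b in sig_bits)
    return size + (OPT_RR if edns else 0)


def max_key_bits(zone, n_keys, limit, signed=False, edns=False, step=64):
    """Largest uniform modulus (multiple of step) keeping the reply <= limit."""
    best, bits = 0, step
    while response_size(zone, [bits] * n_keys,
                        [bits] if signed else [], edns) <= limit:
        best, bits = bits, bits + step
    return best


if __name__ == "__main__":
    for limit, edns in ((512, False), (IPV6_UDP_PAYLOAD, True)):
        for signed in (False, True):
            print(limit, "signed" if signed else "unsigned",
                  max_key_bits("example.com", 3, limit, signed, edns))
```

Under these assumptions a single signature over the key set costs roughly one more key's worth of bytes, which is what pushes the 512-byte case below 1024-bit keys.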