To: dnssec@cafax.se
Cc: bmanning@vacation.karoshi.com
From: bmanning@karoshi.com
Date: Mon, 9 Sep 2002 15:23:48 +0000 (UCT)
Sender: owner-dnssec@cafax.se
Subject: key length & fragmentation

Putzing about with keys of various lengths shows that when keys are over a certain size, UDP fragmentation sets in. In some cases, it is possible to actually get rollover to TCP (although this seems to be a corner case).

Now I've been told that UDP fragmentation can be a bad thing, leading to all sorts (well, some kinds anyway) of odd operational failures that are hard to debug. UDP failure and rolling over to TCP is also considered a bad thing.

So this question: "should key lengths be selected to avoid fragmentation/TCP use?" If so, why? If not, why not?

--bill
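
The size arithmetic behind the question above, as an added example that is not part of the original message: a Python estimate of how large a response carrying a zone's key RRset and one signature becomes for different RSA key lengths, and whether it fits plain UDP, needs a larger EDNS0 buffer or TCP, or exceeds one Ethernet frame. The zone name, the 3-octet exponent, the 1500-byte MTU and all function names are assumptions made for illustration.

```python
# Added example: estimate the size of a DNS response carrying a key RRset.
# Assumptions (not from the original message): RSA keys in RFC 3110 wire format,
# one signature over the RRset, compressed owner names, no OPT or other extra records.
CLASSIC_UDP_LIMIT = 512            # largest UDP DNS message without EDNS0 (RFC 1035)
ETHERNET_PAYLOAD = 1500 - 20 - 8   # assumed 1500-byte MTU minus IPv4 and UDP headers

def name_wire_len(name):
    """Uncompressed wire length of a domain name (length octet per label + root)."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return sum(1 + len(l) for l in labels) + 1

def rsa_key_rdata(bits, exponent_len=3):
    """Key RDATA: flags(2) + protocol(1) + algorithm(1) + exponent length + exponent + modulus."""
    exp_prefix = 1 if exponent_len <= 255 else 3
    return 4 + exp_prefix + exponent_len + bits // 8

def sig_rdata(bits, signer_name_len):
    """Signature RDATA: 18 fixed octets + uncompressed signer name + RSA signature."""
    return 18 + signer_name_len + bits // 8

def response_size(zone, key_bits, signing_key_bits=None):
    """Octets in a response holding one key per entry in key_bits plus one signature."""
    signing_key_bits = signing_key_bits or max(key_bits)
    owner = name_wire_len(zone)
    size = 12 + owner + 4          # header + question (name, type, class)
    rr_fixed = 2 + 10              # compression pointer + type/class/TTL/rdlength
    size += sum(rr_fixed + rsa_key_rdata(b) for b in key_bits)
    size += rr_fixed + sig_rdata(signing_key_bits, owner)
    return size

def classify(size):
    """Map an estimated size to the transport behaviour the message asks about."""
    if size <= CLASSIC_UDP_LIMIT:
        return "fits plain UDP"
    if size <= ETHERNET_PAYLOAD:
        return "needs EDNS0 or TCP"
    return "fragments or TCP"

if __name__ == "__main__":
    for keys in ([1024], [1024, 2048], [2048, 4096, 4096]):
        n = response_size("example.com", keys)   # constructed zone name
        print(keys, n, classify(n))
```

The figures are lower bounds: authority and additional records, an OPT record, or a second signature during a key rollover all add to the total.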