On Feb 23, 2006, at 1:54 PM, Hallam-Baker, Phillip wrote:
Clean room implementation is irrelevant as far as patents are
concerned.
Agreed, which is why it would be difficult. : )
I do not believe the 25% inefficiency introduced by base 64
encoding adds to the problem of small DNS record sizes in a
significant or important manner or that your proposed transition to
a binary format solves the problem to a significant or useful degree.
When a 2048 bit key is to be handled, with the 'g=' parameter and a
new hash callout, the space remaining is 93 bytes, assuming a domain
with 4 labels with a selector. From these 93 bytes, 5 labels, the
local-part and hash function must be defined where the average item
size must be less than 14 bytes. When a binary DKIM Key RR is used,
the remaining available space is 192 bytes, which then allows an
average item size to be greater than 27 bytes. This provides twice
the available space, which is _not_ insignificant. The cases where
the DNS payload overflows would be much fewer.
We know that 4096 bit keys will not fit into a standard DNS record.
By the time this size key is needed, hopefully DNSsec is also available.
The difficulties you raise with TXT records appear to be
insignificant compared to the fact that about half the deployed
infrastructure does not support new binary records and it will be
2009 at the very earliest before the vendor concerned makes a new
server release.
There was not a suggestion to use a new binary record. The proposal
was to employ an existing record in a binary fashion.
People might not mind your endless confused speculation over non-
problems so much if you appeared to be interested in the real
problems we face.
Calculating DNS payloads is out a concern related to exceeding DNS
payload limitations which is a real problem. Dismissal of concerns
by indicating it does not work with 4096 bit keys and with the
comment about a 25% inefficiency without exploring the ramifications
seem highly speculative and not related to the problems at hand. I
have every desire to see DKIM succeed by paying attention to these
details.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html