ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-dkim] agenda item on upgrading hash algorithms?

2006-02-23 19:59:18
from [Douglas Otis] [Permanent Link] 

On Feb 23, 2006, at 1:54 PM, Hallam-Baker, Phillip wrote:
Clean room implementation is irrelevant as far as patents are concerned. 

Agreed, which is why it would be difficult. : )
I do not believe the 25% inefficiency introduced by base 64 encoding adds to the problem of small DNS record sizes in a significant or important manner or that your proposed transition to a binary format solves the problem to a significant or useful degree.
When a 2048 bit key is to be handled, with the 'g=' parameter and a new hash callout, the space remaining is 93 bytes, assuming a domain with 4 labels with a selector. From these 93 bytes, 5 labels, the local-part and hash function must be defined where the average item size must be less than 14 bytes. When a binary DKIM Key RR is used, the remaining available space is 192 bytes, which then allows an average item size to be greater than 27 bytes. This provides twice the available space, which is _not_ insignificant. The cases where the DNS payload overflows would be much fewer. 



We know that 4096 bit keys will not fit into a standard DNS record.


By the time this size key is needed, hopefully DNSsec is also available.
The difficulties you raise with TXT records appear to be insignificant compared to the fact that about half the deployed infrastructure does not support new binary records and it will be 2009 at the very earliest before the vendor concerned makes a new server release.
There was not a suggestion to use a new binary record. The proposal was to employ an existing record in a binary fashion.
People might not mind your endless confused speculation over non- problems so much if you appeared to be interested in the real problems we face.
Calculating DNS payloads is out a concern related to exceeding DNS payload limitations which is a real problem. Dismissal of concerns by indicating it does not work with 4096 bit keys and with the comment about a 25% inefficiency without exploring the ramifications seem highly speculative and not related to the problems at hand. I have every desire to see DKIM succeed by paying attention to these details. 

-Doug

_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] agenda item on upgrading hash algorithms?, Jon Callas
Next by Date:  Re: [ietf-dkim] agenda item on upgrading hash algorithms?, Mark Delany
Previous by Thread:  Re: [ietf-dkim] agenda item on upgrading hash algorithms?, Jon Callas
Next by Thread:  Re: [ietf-dkim] agenda item on upgrading hash algorithms?, Mark Delany
Indexes:  [Date] [Thread] [Top] [All Lists]