ietf-dkim

Re: [ietf-dkim] editorials and nits

2006-07-04 08:26:17
Stephen Farrell <stephen(_dot_)farrell(_at_)cs(_dot_)tcd(_dot_)ie> writes:

> Eric Rescorla wrote:
>
>> I don't understand the purpose of the fixed exponent of F4. It's
>> not needed for interoperability because a PKCS#1 RSAPublicKey
>> (which is what this document implies, though does not say
>> is stored in the DNS) structure contains the exponent.
>
> My fault I think. In an earlier thread we decided that playing with
> the public exponent value could use too much space in the TXT record
> and that we'd hardcode the dkim's "rsa" alg id to keys using 65537.

This struck me as a fairly misguided optimization. Your average
1024-bit RSA public key is 141 octets long, like so.

 30    - sequence
 81 89 - length

     02 - integer tag [modulus]
     81 81 - length   [modulus]
       <129 bytes of modulus>

     02 - integer tag [exponent]
     03 - length      [exponent]
        01 00 01   - exponent value

If you remove the exponent, this lets you remove the outer sequence
wrapper (3 bytes) and the inner exponent field (5 bytes) for a 
total of 8 bytes (40 bits) or 6%. Consider that the next recommended
step for RSA keylength is generally 1536 bits, or 64 bytes longer. 
If you can't find 8 bytes here, how are you going to find those
64 later? (Or, if you think it's 1536 that pushes you over the line,
what about 2048...)

-Ekr


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
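
The size accounting discussed in the message above can be reproduced with a small DER encoder. This is an added example, not part of the original post or of any DKIM implementation; it also covers the 1536- and 2048-bit cases the message mentions. The function names and the placeholder moduli are assumptions made for the illustration.

```python
# Added example: minimal DER encoder for a PKCS#1 RSAPublicKey, used only to
# measure sizes. The moduli below are constructed placeholders, not real keys.

def der_len(n: int) -> bytes:
    """DER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_tlv(tag: int, content: bytes) -> bytes:
    """Tag, length, value."""
    return bytes([tag]) + der_len(len(content)) + content

def der_integer(value: int) -> bytes:
    """Non-negative INTEGER; bit_length() // 8 + 1 adds the 0x00 sign octet
    whenever the top bit of the leading byte would otherwise be set."""
    return der_tlv(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def rsa_public_key(modulus: int, exponent: int = 65537) -> bytes:
    """RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }"""
    return der_tlv(0x30, der_integer(modulus) + der_integer(exponent))

def sizes(bits: int, exponent: int = 65537) -> dict:
    """Encoded sizes with the exponent present and with a bare modulus."""
    # Constructed modulus: top and bottom bits set, so exactly `bits` bits long.
    modulus = (1 << (bits - 1)) | 1
    full = rsa_public_key(modulus, exponent)
    bare = der_integer(modulus)  # what is left when the exponent is fixed
    return {"full": len(full), "modulus_only": len(bare),
            "saved": len(full) - len(bare)}

if __name__ == "__main__":
    for bits in (1024, 1536, 2048):
        s = sizes(bits)
        print(f"{bits}-bit: full={s['full']} modulus-only={s['modulus_only']} "
              f"saved={s['saved']} ({100 * s['saved'] / s['full']:.1f}%)")
```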