ietf-mailsig

Re: DKIM

2005-07-11 22:14:01

--- "william(at)elan.net" <william(_at_)elan(_dot_)net> wrote:

Having not actually broken out tcpdump and actually done this, I might regret saying this later.  That being said, it would seem a 2048 bit key could fit into a 512 octet DNS packet if that DNS packet contained a domain name of no more than 60 characters and only two NS records in the authority section referring to 3 character hostnames under the same domain.

One must be very careful about what a DNS server may return and what a DNS server *must* return. E.g., try

$ dig s2048._domainkey.emu.st txt

As the name suggests, this is a 2048 bit key that fits in 458 bytes of response.

Also, of course, base64 is not particularly compact; other representations, such as base127, are more efficient, and a binary representation in a specific RR affords key sizes well in excess of 3000 bits, not counting EDNS0 or continuation records.


Mark.
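
Added example, not part of the original message: a size calculation for the kind of response discussed above, building the RFC 1035 wire format (with name compression) for a TXT answer, with and without an authority section. It assumes the record text is `k=rsa; p=` followed by the base64 of a 294-byte DER SubjectPublicKeyInfo (the usual encoding of a 2048-bit RSA key with exponent 65537); the key bytes, the 60-character name and the `ns1`/`ns2` hosts are constructed.

```python
import base64
import struct

TXT, NS, IN = 16, 2, 1

def put_name(msg, name, seen):
    """Append a domain name, using RFC 1035 compression pointers where possible."""
    labels = name.rstrip(".").lower().split(".")
    for i, label in enumerate(labels):
        suffix = ".".join(labels[i:])
        if suffix in seen:                      # suffix already in message: 2-byte pointer
            msg.extend(struct.pack("!H", 0xC000 | seen[suffix]))
            return
        seen[suffix] = len(msg)
        msg.extend(bytes([len(label)]) + label.encode("ascii"))
    msg.append(0)                               # root label terminates the name

def put_rr(msg, seen, owner, rtype, write_rdata, ttl=3600):
    """Append one resource record; RDLENGTH is patched in after the RDATA is written."""
    put_name(msg, owner, seen)
    msg.extend(struct.pack("!HHIH", rtype, IN, ttl, 0))
    start = len(msg)
    write_rdata(msg)
    struct.pack_into("!H", msg, start - 2, len(msg) - start)

def txt_rdata(text):
    """TXT RDATA is a sequence of <length><bytes> strings of at most 255 bytes each."""
    data = text.encode("ascii")
    return b"".join(bytes([len(data[i:i + 255])]) + data[i:i + 255]
                    for i in range(0, len(data), 255))

def response_size(qname, txt, zone=None, ns_hosts=()):
    """Size in bytes of a response: header, question, one TXT answer, optional NS RRs."""
    msg, seen = bytearray(struct.pack("!6H", 0, 0x8400, 1, 1, len(ns_hosts), 0)), {}
    put_name(msg, qname, seen)
    msg.extend(struct.pack("!HH", TXT, IN))
    put_rr(msg, seen, qname, TXT, lambda m: m.extend(txt_rdata(txt)))
    for host in ns_hosts:                       # authority section, if the server adds one
        put_rr(msg, seen, zone, NS, lambda m, h=host: put_name(m, h, seen))
    return len(msg)

# Constructed stand-in for a 2048-bit RSA key: only its length (294-byte DER) matters.
RECORD = "k=rsa; p=" + base64.b64encode(bytes(294)).decode()
LONG_NAME = "s" * 37 + "._domainkey.example.com"   # constructed 60-character name

if __name__ == "__main__":
    print(response_size("s2048._domainkey.emu.st", RECORD))            # answer only
    print(response_size(LONG_NAME, RECORD))                            # answer only
    print(response_size(LONG_NAME, RECORD, "example.com",
                        ["ns1.example.com", "ns2.example.com"]))       # plus two NS RRs
```

Under these assumptions the three cases come to 456, 493 and 529 bytes; a shorter record text, or a server that omits the authority section, changes which side of 512 the response lands on.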
 

