spf-discuss

RE: domainkeys

2004-05-27 10:24:20
From: Ryan Malayter
Sent: Thursday, May 27, 2004 11:54 AM


[Chris Drake]
A base64 encoded public key of useful strength is around 920 bytes
long after stripping out unnecessary headers etc; an unrealistic
burden to place on DNS.

First of all, a 1024-bit public key encoded in base-64 is 171 bytes, not
920. I think you got your bits and bytes confused. The RSA exponent used
in X.509 is common to every key (65537) and only takes up 2 bytes to
encode in any case. We only really need to encode N, the modulus. So
we're talking about ~175 bytes here for useful keys, not 920.

Also, long-lived DNS caching all but eliminates the bandwidth problem.
Domain keys will not change quickly; they can have TTLs of weeks or
more. It is not, IMHO, unrealistic to put a burden of 1K per recipient
per week on the DNS infrastructure.

Now, the issue of DNS packet sizes and TXT records is another matter
entirely, but can we support broken DNS resolvers that cannot handle
medium-sized (>128 bytes) or fragmented packets forever?

As I'm interested in asymmetric crypto with public keys provided by DNS as
an alternative to CBVs for an SES implementation, I am curious as to how
secure the signature would be if the public key was reduced in size to fit
in a 128-byte DNS packet.  Does DNS support UTF-7 or binary data for any
RRs to reduce the byte count? I also would like to know how large the
resulting signature is.  This is different from DomainKeys, since we would
like to use it to validate MAIL FROM: before DATA.  My preliminary reading
leads me to believe that none of the existing asymmetric crypto methods have
a small enough signature to fit in MAIL FROM: and a small enough public key
to fit in a 128-byte DNS packet while maintaining adequate security.  I hope
I'm wrong about this, and perhaps you can steer me in the right direction.

Since DomainKeys is an after-DATA protocol, what's the advantage of it over
S/MIME?  I know that S/MIME doesn't protect all the headers it could, but
are there other deficiencies that DomainKeys fixes?

--

Seth Goodman
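The byte budget argued over in the two messages above (the base64 size of a 1024-bit RSA key, the matching signature size, and whether a TXT answer fits in a small UDP packet), worked through as an added example; this is not code from either poster. The modulus is a constructed placeholder of the right bit length, the record layout `k=rsa; p=...` is assumed, and the query name is a made-up example.

```python
import base64

# Added example: byte budget of an RSA public key published in a DNS TXT record.
# The modulus is a constructed placeholder (top and bottom bits set only), so every
# length matches a real key of that size, but it is not a usable key.

def der_len(n: int) -> bytes:
    """DER length octets: one byte below 128, long form above."""
    if n < 128:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + der_len(len(content)) + content

def der_integer(value: int) -> bytes:
    body = value.to_bytes((value.bit_length() + 7) // 8, "big")
    if body[0] & 0x80:  # DER INTEGER is signed; pad so the value stays positive
        body = b"\x00" + body
    return der_tlv(0x02, body)

RSA_OID = bytes.fromhex("06092a864886f70d010101")  # rsaEncryption 1.2.840.113549.1.1.1

def rsa_spki_der(modulus: int, exponent: int = 65537) -> bytes:
    """X.509 SubjectPublicKeyInfo: AlgorithmIdentifier + BIT STRING(RSAPublicKey)."""
    rsa_key = der_tlv(0x30, der_integer(modulus) + der_integer(exponent))
    alg_id = der_tlv(0x30, RSA_OID + b"\x05\x00")  # NULL parameters
    return der_tlv(0x30, alg_id + der_tlv(0x03, b"\x00" + rsa_key))

def key_sizes(bits: int) -> dict:
    """Lengths for an RSA key of `bits` bits: raw modulus in base64, DER SPKI,
    SPKI in base64, and the signature (one modulus-sized block)."""
    modulus = (1 << (bits - 1)) | 1
    spki = rsa_spki_der(modulus)
    return {
        "modulus_b64": len(base64.b64encode(modulus.to_bytes(bits // 8, "big"))),
        "spki_der": len(spki),
        "spki_b64": len(base64.b64encode(spki)),
        "signature": bits // 8,
    }

def txt_response_size(bits: int, name: str = "selector._domainkey.example.com") -> int:
    """Approximate DNS response size: 12-byte header, one question, one TXT answer
    whose RDATA is `k=rsa; p=<base64 SPKI>` split into <=255-byte character strings."""
    record = b"k=rsa; p=" + base64.b64encode(rsa_spki_der((1 << (bits - 1)) | 1))
    chunks = (len(record) + 254) // 255
    rdata = len(record) + chunks   # each character string carries its own length byte
    wire_name = len(name) + 2      # label length bytes replace the dots, plus root byte
    return 12 + (wire_name + 4) + (2 + 10 + rdata)  # header + question + compressed RR

if __name__ == "__main__":
    for bits in (512, 1024, 2048):
        print(bits, key_sizes(bits), "response bytes:", txt_response_size(bits))
```

A 1024-bit modulus alone is 172 base64 characters and the full SPKI is 216, with a 128-byte signature; even the 512-bit answer is well over 128 bytes on the wire, though all three stay under the classic 512-byte UDP limit.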

