GM> "Seth Goodman" <sethg(_at_)GoodmanAssociates(_dot_)com> wrote:
As I'm interested in asymmetric crypto with public keys provided by DNS as
an alternative to CBV's for an SES implementation, I am curious as to how
secure the signature would be if the public key was reduced in size to fit
in a 128-byte DNS packet. Does DNS support UTF-7 or binary data for any
RR's to reduce the byte count?
GM> Before we go reinventing the wheel here, let's remember that DNS already
GM> supports KEY records. You can see one (not currently used for anything,
GM> but perhaps soon) by doing a "dig mailhost.m5p.com key" (or your local
GM> equivalent). -- George Mitchell
I assume the leading 512 is the key strength, and the remaining 420 odd
characters make up the key data, so I'd assume a 1024bit key would use
840 or so instead? Where are the cryptographers out there - I recall
there were several reasons why you can't just go supplying chunks of
RSA input, and also other stuff about the necessity of self-signing
etc, and here's an apparent example of someone picking a minimal
strength key yet still using up a load of bits to represent it.
Disclaimer: I'm against "domainkeys" because in its current form
it's discriminating against me, and I think it's never going to see
the light of day: it's too expensive $, too costly (CPU), way too
technical, ignores legal-crypto-restrictions entirely, starts-and-ends
mid-stream making it mostly pointless, doesn't work on email addresses
(only domains) and requires extraordinary upheaval to infrastructure
to support. SPF *already* works better, already exists, and is easy.
IMHO Nobody besides yahoo themselves is going to support domainkeys as
yet-another-SPF-alternative in the light of all this.
*********.com. 86319 IN KEY 512 3 3
BIs0Jg8nXQfIXRLDyKwyvroBAuHJvfKwL19WfFCKXJ/RRrgIb4cLdQXz
l99KsYY1NQpa/loOJmoXAIFQFqbPaUD+NCDfGsCjIGNT6D55iJKdb18U
J3f1S8YRBejV8oKM3lq7DFnDhs0Y8UbwRGOlodVahmvLYrYZLa4TRh9U
J/Ah2kOslENbqFRi04EIrIzxEZrl4Eloj+8t+zhxJTiiwRivO7hIHXOo
vNWqabCPYriX+NxZQVVozDddNwXYrHwx/zZ1zqo6COcLjwcNSuWGIxWm
S50wjuvFIX1jCxFVmGUNT1CLZGwOOyRXOEq+Ojo+ckVThE1mALG984i7
B7oPpvtAKrv4GEvRo7vzWHQ/irp5WkmSeMUe1JzqNKD5UjanDhMUGugX j3vvGKdQbUHVwevC4CJh
GM> -------
GM> Sender Policy Framework: http://spf.pobox.com/
GM> Archives at http://archives.listbox.com/spf-discuss/current/
GM> Latest draft at http://spf.pobox.com/spf-draft-200405.txt
GM> Wiki: http://spfwiki.infinitepenguins.net/pmwiki.php/SenderPermittedFrom/
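Added example, not part of the original thread: a Python sketch of how the three numbers and the base64 data of a KEY record in the `512 3 3` form are laid out under RFC 2535 (flags, protocol, algorithm) and RFC 2536 (DSA key data as T, Q, P, G, Y). The function names are hypothetical and the sample key is constructed filler bytes, not a real key.

```python
import base64

NAMTYP = {0: "user", 1: "zone", 2: "host/entity", 3: "reserved"}

def parse_dsa_key(key):
    """Split DSA public key data laid out as T | Q | P | G | Y (RFC 2536)."""
    if not key:
        raise ValueError("empty key data")
    t = key[0]
    if t > 8:
        raise ValueError("T values above 8 are reserved")
    n = 64 + 8 * t                      # octets in each of P, G and Y
    if len(key) != 1 + 20 + 3 * n:
        raise ValueError("key data length does not match T=%d" % t)
    q, p, g, y = (int.from_bytes(key[a:b], "big") for a, b in
                  ((1, 21), (21, 21 + n), (21 + n, 21 + 2 * n), (21 + 2 * n, 21 + 3 * n)))
    return {"T": t, "modulus_bits": 8 * n, "q": q, "p": p, "g": g, "y": y}

def parse_key_rr(flags, protocol, algorithm, b64_key):
    """Decode the 'flags protocol algorithm key' fields of a KEY RR (RFC 2535)."""
    key = base64.b64decode("".join(b64_key.split()), validate=True)
    info = {
        "no_key": (flags >> 14) == 0b11,            # flag bits 0-1 both set
        "name_type": NAMTYP[(flags >> 8) & 0b11],   # flag bits 6-7 (NAMTYP)
        "protocol": protocol,                       # 3 = DNSSEC
        "algorithm": algorithm,                     # 1 = RSA/MD5, 3 = DSA
        "key_octets": len(key),
    }
    if algorithm == 3 and not info["no_key"]:
        info.update(parse_dsa_key(key))
    return info

def make_sample(t):
    """Constructed filler bytes with the right layout; not a real key."""
    n = 64 + 8 * t
    raw = bytes([t]) + b"\x11" * 20 + b"\xc3" * n + b"\x02" * n + b"\x5a" * n
    return base64.b64encode(raw).decode("ascii")

if __name__ == "__main__":
    for t in (4, 8):
        sample = make_sample(t)
        print(len(sample), parse_key_rr(512, 3, 3, sample)["modulus_bits"])
```

A DSA key with T=4 is 309 octets, which encodes to 412 base64 characters, the same length as the key data in the record quoted above; T=8 (a 1024-bit modulus) gives 405 octets and 540 characters.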