[ietf-dkim] editorials and nits
Eric Rescorla
ekr at networkresonance.com
Tue Jul 4 08:23:01 PDT 2006
Stephen Farrell <stephen.farrell at cs.tcd.ie> writes:
> Eric Rescorla wrote:
>
>> I don't understand the purpose of the fixed exponent of F4. It's
>> not needed for interoperability because a PKCS#1 RSAPublicKey
>> (which is what this document implies, though does not say
>> is stored in the DNS) structure contains the exponent.
>
> My fault I think. In an earlier thread we decided that playing with
> the public exponent value could use too much space in the TXT record
> and that we'd hardcode the dkim's "rsa" alg id to keys using 65537.
This struck me as a fairly misguided optimization. Your average
1024-bit RSA public key is 141 octets long, like so:

    30        - sequence
    81 89     - length
    02        - integer tag [modulus]
    81 81     - length [modulus]
    <129 bytes of modulus>
    02        - integer tag [exponent]
    03        - length [exponent]
    01 00 01  - exponent value

If you remove the exponent, this lets you remove the outer sequence
wrapper (3 bytes) and the inner exponent field (5 bytes) for a
total of 8 bytes (40 bits) or 6%. Consider that the next recommended
step for RSA keylength is generally 1536 bits, or 64 bytes longer.
If you can't find 8 bytes here, how are you going to find those
64 later? (Or, if you think it's 1536 that pushes you over the line,
what about 2048...)
-Ekr
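
The following is an added example, not part of the original message: a small hand-written DER encoder for the PKCS#1 RSAPublicKey layout discussed above, used to compare the full structure against a bare modulus INTEGER at the 1024, 1536 and 2048-bit key sizes. The function names and the stand-in modulus are assumptions made for illustration; no real key is used.

```python
# Added example: DER-encode a PKCS#1 RSAPublicKey by hand and measure how many
# bytes are saved when the exponent and the outer SEQUENCE are dropped.

def der_len(n):
    """DER definite-length octets for a content length of n bytes."""
    if n < 0x80:
        return bytes([n])                      # short form
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body    # long form: 81 xx, 82 xx xx, ...

def der_int(value):
    """DER INTEGER (tag 02). A leading 00 keeps a high-bit value positive."""
    body = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return b"\x02" + der_len(len(body)) + body

def rsa_public_key(modulus, exponent=65537):
    """SEQUENCE { modulus INTEGER, publicExponent INTEGER }."""
    body = der_int(modulus) + der_int(exponent)
    return b"\x30" + der_len(len(body)) + body

def constructed_modulus(bits):
    """Constructed stand-in with the top and bottom bits set; not a real key."""
    return (1 << (bits - 1)) | 1

def sizes(bits, exponent=65537):
    """Return (full RSAPublicKey length, bare modulus INTEGER length, saved)."""
    n = constructed_modulus(bits)
    full = len(rsa_public_key(n, exponent))
    bare = len(der_int(n))
    return full, bare, full - bare

if __name__ == "__main__":
    previous = None
    for bits in (1024, 1536, 2048):
        full, bare, saved = sizes(bits)
        growth = "" if previous is None else f", +{full - previous} vs previous size"
        print(f"{bits}-bit: full={full} bare={bare} "
              f"saved={saved} ({100 * saved / full:.1f}%){growth}")
        previous = full
```
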