[ietf-dkim] editorials and nits
ekr at networkresonance.com
Tue Jul 4 08:23:01 PDT 2006
Stephen Farrell <stephen.farrell at cs.tcd.ie> writes:
> Eric Rescorla wrote:
>> I don't understand the purpose of the fixed exponent of F4. It's
>> not needed for interoperability because a PKCS#1 RSAPublicKey
>> (which is what this document implies, though does not say
>> is stored in the DNS) structure contains the exponent.
> My fault I think. In an earlier thread we decided that playing with
> the public exponent value could use too much space in the TXT record
> and that we'd hardcode the dkim's "rsa" alg id to keys using 65537.
This strikes me as a fairly misguided optimization. Your average
1024-bit RSA public key is 141 octets long, like so.
    30          - sequence
    81 89       - length
    02          - integer tag [modulus]
    81 81       - length [modulus]
    <129 bytes of modulus>
    02          - integer tag [exponent]
    03          - length [exponent]
    01 00 01    - exponent value
If you remove the exponent, this lets you remove the outer sequence
wrapper (3 bytes) and the inner exponent field (5 bytes) for a
total of 8 bytes (40 bits) or 6%. Consider that the next recommended
step for RSA keylength is generally 1536 bits, or 64 bytes longer.
If you can't find 8 bytes here, how are you going to find those
64 later? (Or, if you think it's 1536 that pushes you over the line,
what about 2048...)
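
Added example (not part of the original message): a minimal DER encoder for the PKCS#1 RSAPublicKey layout dumped above, used to measure what dropping the exponent and the outer sequence wrapper saves at 1024, 1536 and 2048 bits. The moduli are constructed placeholders with the top bit set, not real keys, and the function names are hypothetical.

```python
F4 = 65537  # the fixed public exponent under discussion (0x010001)


def der_length(n: int) -> bytes:
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_integer(value: int) -> bytes:
    """DER INTEGER for a non-negative value (tag 0x02)."""
    # bit_length // 8 + 1 octets leaves room for the leading 0x00 that
    # DER requires when the top bit of the magnitude is set.
    body = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return b"\x02" + der_length(len(body)) + body


def rsa_public_key_der(modulus: int, exponent: int = F4) -> bytes:
    """RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }"""
    body = der_integer(modulus) + der_integer(exponent)
    return b"\x30" + der_length(len(body)) + body


def placeholder_modulus(bits: int) -> int:
    """Constructed stand-in with the top bit set; not a real RSA modulus."""
    return (1 << (bits - 1)) | 1


def exponent_cost(bits: int) -> tuple[int, int]:
    """Return (full RSAPublicKey size, octets saved by keeping only the modulus INTEGER)."""
    n = placeholder_modulus(bits)
    full = rsa_public_key_der(n)
    bare = der_integer(n)  # what remains once wrapper and exponent are dropped
    return len(full), len(full) - len(bare)


if __name__ == "__main__":
    for bits in (1024, 1536, 2048):
        total, saved = exponent_cost(bits)
        print(f"{bits}-bit: {total} octets, fixed exponent saves {saved} "
              f"({100 * saved / total:.1f}%)")
```
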