[DNSOP] Re: draft-fujiwara-dnsop-dns-upper-limit-values-05
Petr Špaček <pspacek@isc.org> Wed, 25 February 2026 14:43 UTC
Return-Path: <pspacek@isc.org>
X-Original-To: dnsop@mail2.ietf.org
Delivered-To: dnsop@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 2CB84BDF3679 for <dnsop@mail2.ietf.org>; Wed, 25 Feb 2026 06:43:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -4.399
X-Spam-Level:
X-Spam-Status: No, score=-4.399 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (1024-bit key) header.d=isc.org header.b="CTuGeGtj"; dkim=pass (1024-bit key) header.d=isc.org header.b="FWyG723c"
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KHYwzQNvBi10 for <dnsop@mail2.ietf.org>; Wed, 25 Feb 2026 06:43:42 -0800 (PST)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [149.20.2.50]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 518F3BDF3671 for <dnsop@ietf.org>; Wed, 25 Feb 2026 06:43:42 -0800 (PST)
Received: from zimbra10.isc.org (zimbra10.isc.org [149.20.2.90]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx.pao1.isc.org (Postfix) with ESMTPS id AE97D4E4B8A for <dnsop@ietf.org>; Wed, 25 Feb 2026 14:43:41 +0000 (UTC)
ARC-Filter: OpenARC Filter v1.0.0 mx.pao1.isc.org AE97D4E4B8A
Authentication-Results: mx.pao1.isc.org; arc=none smtp.remote-ip=149.20.2.90
ARC-Seal: i=1; a=rsa-sha256; d=isc.org; s=ostpay; t=1772030621; cv=none; b=I8CtGMmagdFI06s3VvpYjpWrY8LrBPkyakOQPy2WjWpth39DzGGL+nMJmCXvtfMdU3Xpia8Ewn76u9bgBRIsfZyAw5dr8L8tuEtaI6FMSqlcjtx6LEaWII482d5AdoTmhgjX2n9sxCIZq7UDUaIwS3z81Ye+ZJWUAhGHxBgyc4Y=
ARC-Message-Signature: i=1; a=rsa-sha256; d=isc.org; s=ostpay; t=1772030621; c=relaxed/relaxed; bh=IhbVx/SnJMQBpTWHjm+dsHFOixoQ6ntU8hIvP99g2iM=; h=DKIM-Signature:DKIM-Signature:Message-ID:Date:MIME-Version: Subject:To:From; b=A7Fj3WqL0AyFhx/yU6EXPmbB10DI4z9msKmVkLioX7NI8WIImELGqYGx7+2nOBLvCF+fERhY3KfvFBTIYnXTJ74pBsJKiY7LFp8O+At3e4ohpZSwE4tH1REdZi8rHu+TMQaBR7IS+5emUJKTpOw9LyKuOb3kaDhdl7eS07CbAVk=
ARC-Authentication-Results: i=1; mx.pao1.isc.org
DKIM-Filter: OpenDKIM Filter v2.10.3 mx.pao1.isc.org AE97D4E4B8A
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=isc.org; s=ostpay; t=1772030621; bh=fI2s3d40+hzZHlpyjimZdNaeuY18ftCLlps+u8lMlf4=; h=Date:Subject:To:References:From:In-Reply-To; b=CTuGeGtjczQazoXAOgn5s81O7yHe9OLZ5lx3/MkdPBiYs9tVlUlxJHGf2zebsK5/t 24asIYPl2Wm+AzZQgt8AAsBekGm+jOsjBUIH5oJnnRq6k4TR4Dpq/LvZwgN5YNCcnz bDIGfD9enfoOKjAVjJutGwxk3qQt23W0GBgVw5Bs=
Received: from zimbra10.isc.org (localhost [127.0.0.1]) by zimbra10.isc.org (Postfix) with ESMTPS id AB0B02E601C5 for <dnsop@ietf.org>; Wed, 25 Feb 2026 14:43:41 +0000 (UTC)
Received: from zimbra10.isc.org (localhost [127.0.0.1]) by zimbra10.isc.org (Postfix) with ESMTPS id A78292E602B8 for <dnsop@ietf.org>; Wed, 25 Feb 2026 14:43:41 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.10.3 zimbra10.isc.org A78292E602B8
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=isc.org; s=05DFB016-56A2-11EB-AEC0-15368D323330; t=1772030621; bh=IhbVx/SnJMQBpTWHjm+dsHFOixoQ6ntU8hIvP99g2iM=; h=Message-ID:Date:MIME-Version:To:From; b=FWyG723cDtjhuju02+gtN10k+j3x+cZ3Dh4DJKoKHXIP62mEDCYDnPUHFsCXDAr7w ijH9t/+wjVQdJ4Ifafd7TEwzgfkcSkH1SCrL7Inc435UI0MjJzQFh4JMRtKGx+39GQ XOykCHgY79nyhTxT3B1iK8V7xeoDK2At2EW8DJgg=
Received: from [192.168.25.221] (unknown [83.148.32.161]) by zimbra10.isc.org (Postfix) with ESMTPSA id 587662E601C5 for <dnsop@ietf.org>; Wed, 25 Feb 2026 14:43:41 +0000 (UTC)
Message-ID: <0283d09d-f30a-4bf3-9b82-ce86a126a807@isc.org>
Date: Wed, 25 Feb 2026 15:43:39 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: dnsop@ietf.org
References: <20260210.162822.769915785065787587.fujiwara@wide.ad.jp> <aZkrhQm9kUfDk0gC@p5>
From: Petr Špaček <pspacek@isc.org>
Content-Language: en-US
Autocrypt: addr=pspacek@isc.org; keydata= xsFNBF/OJ/4BEAC0jP/EShRZtcI9KmzVK4IoD/GEDtcaNEEQzPt05G8xtC0P4uteXUwW8jaB CdcKIKR4eUJw3wdXXScLNlyh0i+gm5mIvKPrBYNAMOGGnkbAmMQOt9Q+TyGeTSSGiAjfvd/N nYg7L/KjVbG0sp6pAWVORMpR0oChHflzKSjvJITCGdpwagxSffU2HeWrLN7ePES6gPbtZ8HY KHUqjWZQsXLkMFw4yj8ZXuGarLwdBMB7V/9YHVkatJPjTsP8ZE723rV18iLiMvBqh4XtReEP 0vGQgiHnLnKs+reDiFy0cSOG0lpUWVGI50znu/gBuZRtTAE0LfMa0oAYaq997Y4k+na6JvHK hhaZMy82cD4YUa/xNnUPMXJjkJOBV4ghz/58GiT32lj4rdccjQO4zlvtjltjp9MTOFbRNI+I FCf9bykANotR+2BzttYKuCcred+Q7+wSDp9FQDdpUOiGnzT8oQukOuqiEh3J8hinHPGhtovH V22D0cU6T/u9mzvYoULhExPvXZglCLEuM0dACtjVsoyDkFVnTTupaPVuORgoW7nyNl0wDrII ILBqUBwzCdhQpYnyARSjx0gWSG1AQBKkk5SHQBqi1RAYC38M59SkpH0IKj+SaZbUJnuqshXh UIbY1GMHbW/GDhz7pNQFFYm2S4OPUBcmh/0O0Osma151/HjF7wARAQABzR9QZXRyIMWgcGHE jWVrIDxwc3BhY2VrQGlzYy5vcmc+wsGXBBMBCABBAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4B AheAAhkBFiEEEVO2++xeDVoSYmDzq9WHzfBlga4FAmkt8P0FCQtoiX8ACgkQq9WHzfBlga4m OxAAhBZyC7vnxl3kjFPFRT39ocbZy1jJX4fiaJmiIgKma06c9Eled/w2IN9pzRc0+iI6jSQa 40NfHFV8g2KZfZUNEVE3BOliWdEFi61OcwxB/UeryGDJUFYfK4un7ibYv4Rzvrfpz13aQ0/z MVm2HA3OVwkTqnK+dJL//d3AmED66oJKUFXU9tG5kUGNqbVrZNSiegZXC/TloO0+eYYN63Fm EHvWE20NcgdciG4y/pdtBXcWSwt21tSeqiZqN5L8LvfAGmJ1gdi6p4eHvPEH1WSOqUEZmy5l +5BE6xA2z4bfNpCYSir6GwFTOQwxHeekLKJktgsLjYY8oHbmPjIIdEzkcV8dD8czJEPo0sqe VB4qTun8cCE4AkVofpo5MMwni/3DLlm9bgV8tKJ3sAqwo6bEWk8dU9QqlcwiYb5S1KPbWrwO 89cIJNLIu9rO3nemWFDwNq6mFuNdNWSDciLV434P5xZ0y5Xy09n5dGhCgYZTRv1JTLmXEO+H aw6iRgLNZmImYB0VpoPPHBjIavsY211qyLIwDRaUykELhGaBk7P1zKhC91ZD866CbR3x6ptv EuFuJ2myZT1dIalWiFf0HaVhrMHm8y8ih1sn9Ezdxnle7Hxyjgp//CtM92GCjU8iuqYQOzNq B9LWBU6NTtGx5Tktf2/Vin2ADqiiVN1EDOQd9tvOwU0EX84n/gEQANARNXihDNc1fLNFZK5s O14Yg2TouK9eo9gGh4yLSrmZ3pjtnuJSpTWmGD4g0EYzhwWA/T+CqjUnrhsvzLQ1ECYVqLpM VqK2OJ9PhLRbx1ITd4SKO/0xvXFkUqDTIF6a5mUCXH5DzTQGSmJwcjoRv3ye+Z1lDzOKJ+Qr gDHM2WLGlSZAVGcUeD1S2Mp/FroNOjGzrFXsUhOBNMo8PSC4ap0ZgYeVBq5aiMaQex0r+uM4 45S1z5N2nkNRYlUARkfKirqQxJ4mtj5XPC/jtdaUiMzvnwcMmLAwPlDNYiU0kO5IqJFBdzmJ yjzomVk1zK9AYS/woeIxETs+s6o7qXtMGGIoMWr6pirpHk4Wgp4TS02BSTSmNzParrFxLpEU dFKq3M0IsBCVGvfNgWL2pKKQVq34fwuBhJFQAigR9B3O9mfaeejrqt73Crp0ng0+Q74+Llzj EIJLOHYTMISTJyxYzhMCQlgPkKoj+TSVkRzBZoYFkUt4OXvlFj73wkeqeF8Z1YWoOCIjwXH9 0u2lPEq0cRHHyK+KSeH1zQJ4xgj0QDGPmkvi81D13sRaaNu3uSfXEDrdYYc+TSZd2bVh2VCr xrcfzQ1uz9fsdC9NPdNd7/mHvcAaNc5e9IhNh67L54aMBkzlJi18d0sWXOOHkyLSvbHnC/OP wv7qCf69PUJmtoeHABEBAAHCwXwEGAEIACYCGwwWIQQRU7b77F4NWhJiYPOr1YfN8GWBrgUC aS3xCAUJC2iJigAKCRCr1YfN8GWBrgJJD/4oabL/T67M7GNPB1Q+1ghSpi3LJEwDqeaULNZv 2exo7N59cChW5DXD5e/rkvQM7yOsaKJBwkpjY2+vk4+Tw9iU1iqzS0iavr9A3i9mHJjlp4it u6oDBHCGMqBGZHHGP4O9xPuIoW6s50yP31NLbIGP4KGD03S1JtOBrETlTyr6a0mN4HrRnAkz nOa2l7npRvgkRpdr/vDmbAkyZYXcUCQSWsOKzRrcCrqRxzF7Ob39Xw+SrPv7hMBShzOVJCj6 XwOsu+F/hmRK5TML8+yZ+wGbrcTyxJ8qkKtwtDJXPMVY993f1k50/bquRdjX5wHTthvf6o9A 2cmZtbL0fVm2KEWNV3xDk52cJj7MqBk1M/mj1q8+6UzN9hTxN0N77u1sosgguW/8PWu/v2yy kUs2huxaqDkdrPc6kKuKbCGpkT5/89S6gvQSNx5IlVl0uWzJRat1h9HkdkO0CBYRX51Rv33W BF4qJ73o2dfrUchs70rher6734c21z8DUhDkvnPGIgLh4tYrYHNcM4akBTUt9k38xMGrj6yo kRjP6Pq9jhLwJBxxBRDEXn3vse8uy1s1sp9rhBxSS7bEHfmyz71h6ccALCFBlBzqfMediCAE 0PEMOPrXM0NU+o25vNC8BuWWpPf+fzvkLf+sEyYcIdwbHZ/V2qv97JvYX0FpMwmeyw4O2g==
In-Reply-To: <aZkrhQm9kUfDk0gC@p5>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Message-ID-Hash: WPXOECVR6TA2O6Z2M2IA76EXDHZTAG7K
X-Message-ID-Hash: WPXOECVR6TA2O6Z2M2IA76EXDHZTAG7K
X-MailFrom: pspacek@isc.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-dnsop.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [DNSOP] Re: draft-fujiwara-dnsop-dns-upper-limit-values-05
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/vrQFKbPA3uafb8LdxvouB-i-ICY>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Owner: <mailto:dnsop-owner@ietf.org>
List-Post: <mailto:dnsop@ietf.org>
List-Subscribe: <mailto:dnsop-join@ietf.org>
List-Unsubscribe: <mailto:dnsop-leave@ietf.org>
On 21. 02. 26 4:50, Mukund Sivaraman wrote: > Dear Fujiwara san, > > On Tue, Feb 10, 2026 at 04:28:22PM +0900, Kazunori Fujiwara wrote: >> Dear dnsop WG, >> >> Authors submitted draft-fujiwara-dnsop-dns-upper-limit-values-05. >> https://datatracker.ietf.org/doc/draft-fujiwara-dnsop-dns-upper-limit-values/ > > Would you also consider adding a limit on the size of the RSA public > exponent "e" in the DNSSEC validation path? There is no low limit on the > public exponent in PKCS #1 (it can be up to modulus - 1). While the RSA > modulus itself is limited by DNS RFCs 3110 and 5702 to a max of 4096 > bits, there is no limit on the public exponent (it can be up to modulus > - 1). I think a DNS group should not be specifying limits for crypto algorithms. If you can find a suitable reference to another document, that could be referenced. In other words, leave this to crypto experts :-) -- Petr Špaček
- [DNSOP] draft-fujiwara-dnsop-dns-upper-limit-valu… Kazunori Fujiwara
- [DNSOP] Re: draft-fujiwara-dnsop-dns-upper-limit-… Mukund Sivaraman
- [DNSOP] Re: draft-fujiwara-dnsop-dns-upper-limit-… Petr Špaček
- [DNSOP] Re: draft-fujiwara-dnsop-dns-upper-limit-… Philip Homburg
- [DNSOP] Re: draft-fujiwara-dnsop-dns-upper-limit-… Petr Špaček
- [DNSOP] Re: draft-fujiwara-dnsop-dns-upper-limit-… Philip Homburg
- [DNSOP] Re: draft-fujiwara-dnsop-dns-upper-limit-… Kazunori Fujiwara
- [DNSOP] Re: draft-fujiwara-dnsop-dns-upper-limit-… Mukund Sivaraman
- [DNSOP] Re: draft-fujiwara-dnsop-dns-upper-limit-… Felix Linker
- [DNSOP] Re: draft-fujiwara-dnsop-dns-upper-limit-… Petr Špaček