Re: [ietf-dkim] small question in draft-ietf-dkim-base-00.txt on TXTrecord
Douglas Otis <dotis@mail-abuse.org> Wed, 22 February 2006 00:41 UTC
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FBi4K-0006ET-9S for ietf-dkim-archive@lists.ietf.org; Tue, 21 Feb 2006 19:41:24 -0500
Received: from sb7.songbird.com ([208.184.79.137]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FBi4H-0004rQ-ST for ietf-dkim-archive@lists.ietf.org; Tue, 21 Feb 2006 19:41:24 -0500
Received: from sb7.songbird.com (sb7.songbird.com [127.0.0.1]) by sb7.songbird.com (8.12.11/8.12.11) with ESMTP id k1M0dxUY024579; Tue, 21 Feb 2006 16:40:00 -0800
Received: from b.mail.sonic.net (b.mail.sonic.net [64.142.19.5]) by sb7.songbird.com (8.12.11/8.12.11) with ESMTP id k1M0diJG024556 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=OK) for <ietf-dkim@mipassoc.org>; Tue, 21 Feb 2006 16:39:44 -0800
Received: from [168.61.10.151] (SJC-Office-DHCP-151.Mail-Abuse.ORG [168.61.10.151]) (authenticated bits=0) by b.mail.sonic.net (8.13.3/8.13.3) with ESMTP id k1M0d5mP029559 (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=NO); Tue, 21 Feb 2006 16:39:05 -0800
In-Reply-To: <198A730C2044DE4A96749D13E167AD3792AB18@MOU1WNEXMB04.vcorp.ad.vrsn.com>
References: <198A730C2044DE4A96749D13E167AD3792AB18@MOU1WNEXMB04.vcorp.ad.vrsn.com>
Mime-Version: 1.0 (Apple Message framework v746.2)
Content-Type: text/plain; charset="US-ASCII"; delsp="yes"; format="flowed"
Message-Id: <CF07AE64-846E-47AB-BBFD-0E707C02323E@mail-abuse.org>
Content-Transfer-Encoding: 7bit
From: Douglas Otis <dotis@mail-abuse.org>
Subject: Re: [ietf-dkim] small question in draft-ietf-dkim-base-00.txt on TXTrecord
Date: Tue, 21 Feb 2006 16:39:23 -0800
To: "Hallam-Baker, Phillip" <pbaker@verisign.com>
X-Mailer: Apple Mail (2.746.2)
X-Songbird: Found to be clean, Found to be clean
Cc: IETF DKIM WG <ietf-dkim@mipassoc.org>
X-BeenThere: ietf-dkim@mipassoc.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF DKIM Discussion List <ietf-dkim.mipassoc.org>
List-Unsubscribe: <http://mipassoc.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@mipassoc.org?subject=unsubscribe>
List-Archive: <http://mipassoc.org/pipermail/ietf-dkim>
List-Post: <mailto:ietf-dkim@mipassoc.org>
List-Help: <mailto:ietf-dkim-request@mipassoc.org?subject=help>
List-Subscribe: <http://mipassoc.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@mipassoc.org?subject=subscribe>
Sender: ietf-dkim-bounces@mipassoc.org
Errors-To: ietf-dkim-bounces@mipassoc.org
X-SongbirdInformation: support@songbird.com for more information
X-Songbird-From: ietf-dkim-bounces@mipassoc.org
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 4d87d2aa806f79fed918a62e834505ca
On Feb 21, 2006, at 9:10 AM, Hallam-Baker, Phillip wrote: > Douglas Otis wrote: >> >> 2048 bits represents 256 bytes of binary data easily and reliably >> stored using the #37 RR. In addition, the #37 Cert RR also >> provides a method to reference other key acquisition options in >> the event something is needed that DNS can not provide. >> >> http://www.ietf.org/internet-drafts/draft-ietf-dnsext- >> rfc2538bis-09.txt >> >> With a draft describing the data structure, this could be expanded >> to: >> Value Mnemonic Certificate Type >> ----- -------- ---------------- >> 9 DKIM DKIM Binary Key >> 10 IDKIM The URL of a DKIM Key Server >> >> >> If the goal is to handle 2k bit keys, the need for binary encoding >> is paramount. > > I do not see the value in having a pointer to a CERT record with a > pointer to a cert over a pointer to the cert. The suggestion for using #37 RR for offering a URL vector to the "Next means of obtaining the DKIM information" was to circumvent future hunting. > If the idea is to replace the existing key format with self signed > X.509v3 certificates it ignores the long (and justified) history of > ASN.1 hatred in the IETF. A data structure defined by the #37 RR type is not limited to X.509 certificates. There are many experimental values for use, pending a draft being accepted that defines a suitable DKIM public key binary structure. The DKIM test server would need to transition from accepting an experimental type value to the assigned value. To further reduce DNS payloads, a signature conventions could differentiate DKIM from that of DomainKeys, where then a label "_dkim" could also replace the "_domainkeys" label where just #37 RR would be obtained. The use of a binary key format from the outset prevents the need for multiple lookups and better ensures use of 2048 bit keys will not become a problem. #37 RR more than doubles the otherwise limited name space. -Doug _______________________________________________ NOTE WELL: This list operates according to http://dkim.org/ietf-list-rules.html
- RE: [ietf-dkim] small question in draft-ietf-dkim… Hallam-Baker, Phillip
- Re: [ietf-dkim] small question in draft-ietf-dkim… Douglas Otis
- RE: [ietf-dkim] small question in draft-ietf-dkim… Hallam-Baker, Phillip
- Re: [ietf-dkim] small question in draft-ietf-dkim… Douglas Otis