[dns-operations] DNSKEY format and RSA keys curiosity

Florian Weimer fw at deneb.enyo.de
Sun Apr 29 14:06:29 UTC 2018

* Viktor Dukhovni:

> The unfortunate thing is that the truncation is not directly detectable
> with the DNSSEC RSA key format.  Unlike the SPKI ASN.1 format, the
> DNSSEC RSA key format has no explicit length for the modulus, it is just
> the rest of the RDATA value after the exponent length and exponent.

An implementation could at least check for small key sizes and even
small prime factors and refuse to accept the data.  It would have to
extra checking if the modulus length were encoded in the RDATA blob,
too, and there are arguments for and against such checks.

More information about the dns-operations mailing list