[dns-operations] [Ext] Re: (struct DNSSEC_DNSKEY_RR *) Exponent lengths

Edward Lewis edward.lewis at icann.org
Fri Aug 10 12:59:57 UTC 2018


On 8/10/18, 08:50, "dns-operations on behalf of Viktor Dukhovni" <dns-operations-bounces at dns-oarc.net on behalf of ietf-dane at dukhovni.org> wrote:
    
>Packet sizes are a more pressing issue than CPU bandwidth.

Don't underestimate the power of "default values."  More important than the technical rationale for choosing a particular setting (RSA exponent in this case) is that the choice is made by software when a time-pressed operator "just hits return".

I say this from a conversation I had in 2012 with an operator.  I was talking about the spread of values I saw in DNSSEC operations: parameters like time showed an interesting distribution while parameters like size (of keys) showed a shared common value.  "Of course - operators usually just use the default values!" That hit me like a pile of bricks.

And that is why I'm wondering about the exponents I see.  There's got to be some tool or some turn-key system that is creating these keys.

 



