[dns-operations] [Ext] Re: (struct DNSSEC_DNSKEY_RR *) Exponent lengths
Edward Lewis
edward.lewis at icann.org
Fri Aug 10 12:59:57 UTC 2018
On 8/10/18, 08:50, "dns-operations on behalf of Viktor Dukhovni" <dns-operations-bounces at dns-oarc.net on behalf of ietf-dane at dukhovni.org> wrote:
>Packet sizes are a more pressing issue than CPU bandwidth.
Don't underestimate the power of "default values." More important than the technical rationale for choosing a particular setting (RSA exponent in this case) is that choice is made by software when a time-pressed operator "just hit's return".
I say this from a conversation I have in 2012 with an operator. I was talking about the spread of values I saw in DNSSEC operations, parameters like time showed an interesting distribution while parameters like size (of keys) showed a shared common value. "Of course - operators usually just use the default values!" That hit me like a pile of bricks.
And that is why I'm wondering about the exponents I see. There's got to be some tool or some turn-key system that is creating these keys.
More information about the dns-operations
mailing list