If someone could forward this to DNSEXT WG, I would appreciate it.
Thanks,
--Dean
---------- Forwarded message ----------
Date: Sat, 30 Aug 2008 23:14:44 -0400 (EDT)
From: Dean Anderson <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: DNSKEY / multiprecision number format?
I'm wondering how the exponent and modulus are stored in a DNSKEY record
for RSASHA1. RFC3110 just makes some vague references to where things
go, but does not define their precise format:
    exponent length   1 or 3 octets (see text)
    exponent          as specified by length field
    modulus           remaining space
The format of large binary numbers is never specified in RFC3110, and no
standard exists that I can find. I notice that BIND tools just use the
openssl library calls bn2bin, which produces an undefined and
non-standardized openssl format. GMP and presumably other
multiprecision libraries have their own format. GMP's mpz_import
function has a number of parameters for importing from different binary
multiprecision number formats:
count,
order,
size,
endian,
nails
http://gmplib.org/manual/Integer-Import-and-Export.html#Integer-Import-and-Export
"The parameters specify the format of the data. /count/ many words are
read, each /size/ bytes. order can be 1 for most significant word
first or -1 for least significant first. Within each word /endian/ can
be 1 for most significant byte first, -1 for least significant first,
or 0 for the native endianness of the host CPU. The most significant
/nails/ bits of each word are skipped, this can be 0 to use the full
words."
The only one that can be inferred from an instance of a DNSKEY RR is
count.
So, can anyone say what the remaining 4 parameters should be for DNSKEY
and other DNSSEC records?
Is there an RFC that defines these parameters?
Thanks,
--Dean
--
Av8 Internet Prepared to pay a premium for better service?
www.av8.net faster, more reliable, better service
617 344 9000
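
Added example, not part of the original message and not BIND, OpenSSL or GMP code: a Python parser and encoder for the three-part RSASHA1 public key field quoted above from RFC3110. It assumes the exponent and modulus are unsigned big-endian octet strings, which is what OpenSSL's BN_bn2bin emits; in mpz_import terms that reading is order=1, size=1, endian=1, nails=0, with count equal to the octet length. The function names and the sample key are constructed for illustration.

```python
# Added example: RSA public key field of a DNSKEY RR, laid out as in RFC 3110.
# Assumption: integers are unsigned big-endian octet strings (BN_bn2bin output),
# i.e. mpz_import(count=len, order=1, size=1, endian=1, nails=0).

def parse_rsa_public_key(field):
    """Split the public key field into (exponent, modulus) as Python ints."""
    if len(field) < 3:
        raise ValueError("public key field too short")
    if field[0] != 0:
        # One-octet form: exponent length 1..255.
        exp_len, offset = field[0], 1
    else:
        # Three-octet form: a zero octet, then a two-octet length.
        exp_len, offset = int.from_bytes(field[1:3], "big"), 3
    exponent = field[offset:offset + exp_len]
    modulus = field[offset + exp_len:]  # "remaining space"
    if len(exponent) != exp_len or not exponent or not modulus:
        raise ValueError("truncated exponent or missing modulus")
    # RFC 3110 prohibits leading zero octets in both integers.
    if exponent[0] == 0 or modulus[0] == 0:
        raise ValueError("leading zero octet")
    return int.from_bytes(exponent, "big"), int.from_bytes(modulus, "big")


def encode_rsa_public_key(exponent, modulus):
    """Inverse of parse_rsa_public_key, emitting minimal-length octet strings."""
    if exponent <= 0 or modulus <= 0:
        raise ValueError("exponent and modulus must be positive")
    e = exponent.to_bytes((exponent.bit_length() + 7) // 8, "big")
    n = modulus.to_bytes((modulus.bit_length() + 7) // 8, "big")
    if len(e) <= 255:
        prefix = bytes([len(e)])
    else:
        prefix = b"\x00" + len(e).to_bytes(2, "big")
    return prefix + e + n


# Constructed sample (not a real key): exponent 65537, 6-octet toy modulus.
SAMPLE_FIELD = bytes.fromhex("03" "010001" "c3a5f00d9b17")

if __name__ == "__main__":
    e, n = parse_rsa_public_key(SAMPLE_FIELD)
    print(f"exponent={e} modulus={n:#x}")
```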