If someone could forward this to DNSEXT WG, I would appreciate it. Thanks,

--Dean

---------- Forwarded message ----------
Date: Sat, 30 Aug 2008 23:14:44 -0400 (EDT)
From: Dean Anderson <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: DNSKEY / multiprecision number format?

I'm wondering how the exponent and modulus are stored in a DNSKEY record
for RSASHA1. RFC3110 just makes some vague references to where things go,
but does not define their precise format:

    exponent length   1 or 3 octets (see text)
    exponent          as specified by length field
    modulus           remaining space

The format of large binary numbers is never specified in RFC3110, and no
standard exists that I can find. I notice that BIND tools just use the
openssl library calls bn2bin, which produces an undefined and
non-standardized openssl format. GMP and presumably other multiprecision
libraries have their own format.

GMP's mpz_import function has a number of parameters for importing from
different binary multiprecision number formats: count, order, size,
endian, nails

http://gmplib.org/manual/Integer-Import-and-Export.html#Integer-Import-and-Export

"The parameters specify the format of the data. /count/ many words are
read, each /size/ bytes. order can be 1 for most significant word first
or -1 for least significant first. Within each word /endian/ can be 1
for most significant byte first, -1 for least significant first, or 0
for the native endianness of the host CPU. The most significant /nails/
bits of each word are skipped, this can be 0 to use the full words."

The only one that can be inferred from an instance of a DNSKEY RR is
count.

So, can anyone say what the remaining 4 parameters should be for DNSKEY
and other DNSSEC records? Is there an RFC that defines these parameters?

Thanks,

--Dean

-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 344 9000
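Added example (not part of the original message, and not BIND, OpenSSL or GMP code): a parser and builder for the RFC 3110 public key field, assuming the exponent and modulus are unsigned integers stored most significant octet first with no leading zero octets, which is the byte string OpenSSL's BN_bn2bin produces. Under that assumption the matching GMP call is mpz_import(z, count, 1, 1, 1, 0, data); the function names and the toy key below are constructed for illustration.

```python
"""RFC 3110 RSA public key field: length-prefixed exponent, then modulus.

Assumption: both integers are unsigned, most significant octet first.
"""


def parse_rsa_public_key(field: bytes) -> tuple[int, int]:
    """Return (exponent, modulus) from a DNSKEY RSA public key field."""
    if not field:
        raise ValueError("empty public key field")
    # Exponent length is one octet, or a zero octet plus a 2-octet length.
    if field[0] != 0:
        exp_len, offset = field[0], 1
    else:
        if len(field) < 3:
            raise ValueError("truncated 3-octet exponent length")
        exp_len, offset = int.from_bytes(field[1:3], "big"), 3
    exp_bytes = field[offset:offset + exp_len]
    mod_bytes = field[offset + exp_len:]  # modulus is the remaining space
    if exp_len == 0 or len(exp_bytes) != exp_len or not mod_bytes:
        raise ValueError("exponent or modulus missing or truncated")
    # A leading zero octet would make the encoding of a value non-unique.
    if exp_bytes[0] == 0 or mod_bytes[0] == 0:
        raise ValueError("leading zero octet in exponent or modulus")
    return int.from_bytes(exp_bytes, "big"), int.from_bytes(mod_bytes, "big")


def build_rsa_public_key(exponent: int, modulus: int) -> bytes:
    """Encode (exponent, modulus) with minimal-length big-endian integers."""
    if exponent <= 0 or modulus <= 0:
        raise ValueError("exponent and modulus must be positive")
    e = exponent.to_bytes((exponent.bit_length() + 7) // 8, "big")
    n = modulus.to_bytes((modulus.bit_length() + 7) // 8, "big")
    if len(e) <= 255:
        prefix = bytes([len(e)])
    else:
        prefix = b"\x00" + len(e).to_bytes(2, "big")
    return prefix + e + n


if __name__ == "__main__":
    # Constructed toy key: e = 65537, n = 3233 (far too small for real use).
    sample = bytes.fromhex("030100010ca1")
    print(parse_rsa_public_key(sample))
    print(build_rsa_public_key(65537, 3233).hex())
```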