Re: [DNSOP] DNSKEY / multiprecision number format? (fwd)

Tue, 02 Sep 2008 20:00:30 -0700 

> If someone could forward this to DNSEXT WG, I would appreciate it.
> 
> Thanks,
> 
>       --Dean
> 
> ---------- Forwarded message ----------
> Date: Sat, 30 Aug 2008 23:14:44 -0400 (EDT)
> From: Dean Anderson <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: DNSKEY / multiprecision number format?
> 
> I'm wondering how the exponent and modulus are stored in a DNSKEY record 
> for RSASHA1.  RFC3110 just makes some vague references to where things 
> go, but does not define their precise format: 
> 
>          exponent length   1 or 3 octets (see text)
>          exponent          as specified by length field
>          modulus           remaining space

        The numbers are in network byte order.
 
> The format of large binary numbers is never specified in RFC3110, and no
> standard exists that I can find. I notice that BIND tools just use the
> openssl library calls bn2bin, which produces an undefined and
> non-standardized openssl format.  GMP and presumably other
> multiprecision libraries have their own format. GMP's mpz_import
> function has a number of parameters for importing from different binary
> multiprecision number formats:
> 
>   count, 
>   order, 
>   size, 
>   endian, 
>   nails
> 
> http://gmplib.org/manual/Integer-Import-and-Export.html#Integer-Import-and-Ex
> port
>  "The parameters specify the format of the data. /count/ many words are 
>   read, each /size/ bytes. order can be 1 for most significant word
>   first or -1 for least significant first. Within each word /endian/ can
>   be 1 for most significant byte first, -1 for least significant first,
>   or 0 for the native endianness of the host CPU. The most significant
>   /nails/ bits of each word are skipped, this can be 0 to use the full
>   words. "

        As for any integer in network byte order, "count, 1, 1, 1, 0".
 
> The only one that can be inferred from an instance of an DNSKEY RR is
> count.
> 
> So, can anyone say what the remaining 4 parameters should be for DNSKEY
> and other DNSSEC records?
> 
> Is there an RFC that defines these parameters?
> 
> Thanks,
> 
>               --Dean
> 
> 
> -- 
> Av8 Internet   Prepared to pay a premium for better service?
> www.av8.net         faster, more reliable, better service
> 617 344 9000   
> 
> 
> 
> _______________________________________________
> DNSOP mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dnsop
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: [EMAIL PROTECTED]
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to