On Thu, Oct 1, 2015 at 3:02 PM, Dave Lawrence <[email protected]> wrote: > Does anyone have a chart handy of the rdata length of the RRSIGs > generated using different algorithms? It seems to me that I have seen > such a summary (possibly even one I made myself years ago, in notes) > but am not able to find it now. > > Don't have a chart handy, but to quickly answer: if you just want the signature portion of the RRSIG RDATA (ie. excluding the parameters: signature inception/expiration, algorithm/protocol numbers etc), then the RSA signatures are the same as the keysize, so an 2048-bit RSASHA256 (or RSASHA1) algorithm will have a 2048-bit signature. The ECDSA algorithms will have signatures twice the size of the curvepoint, so ECDSAP256 will have a 512-bit signature, and ECDSAP356 will have a 768-bit signature.
The rest of the RRSIG parameters add a small fixed size to the rdata. -- Shumon Huque
