On Sep 24, 2009, at 9:35 PM, Michael Chen wrote:
> I also want to point out that even with the most simple encoding
> (JDK keytool), a 1024 bit RSA public key certificate takes up 619
> bytes. A production strength 2048 bit RSA cert is 880 bytes. If a
> peer can only be reached via UDP, the overhead of DTLS + Reload
> Signature on message leaves very little room for the relevant data
> fragment (e.g. 1500 packet size), which means UDP transport may be
> very inefficient. Transport overhead should be a separate
> discussion thread.
In my RELOAD implementation a 2048 bit RSA public key is 691 bytes
long, see output below. Do you have statistics that show the current
fragmentation algorithm to be sub-optimal?
Julian
Running 1 test case...
......................+++
........................+++
debug: RSA* junglecat::rsa::generate_key_pair(): Succeeded generating RSA key.
..............................+++
..............+++
debug: RSA* junglecat::rsa::generate_key_pair(): Succeeded generating RSA key.
debug: X509_NAME* junglecat::x509::allocate_common_name(const char*): Allocated
debug: X509_NAME* junglecat::x509::allocate_common_name(const char*): Allocated
debug: X509* junglecat::x509::generate_certificate(RSA*, RSA*, const char*, const char*, unsigned int, const EVP_MD*): Success
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1253857645 (0x4abc596d)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN=common_name_issuer
        Validity
            Not Before: Sep 25 05:47:25 2009 GMT
            Not After : Sep 25 06:47:25 2009 GMT
        Subject: CN=common_name
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                Exponent: 65537 (0x10001)
    Signature Algorithm: sha1WithRSAEncryption
X509 structure size: 92
RSA structure size: 88
len:691
*** No errors detected
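Added example (not part of the original thread, and not junglecat code): the `len:691` line in the output above can be reproduced by summing DER tag-length-value sizes for a certificate with the printed fields. It assumes no extensions, one byte per name character, UTCTime validity and an issuer key the same size as the subject key; all function names are illustrative.

```python
# Added example: DER size accounting for the certificate fields printed above.
# Assumptions: no extensions, one byte per name character, UTCTime validity,
# AlgorithmIdentifier = OID + NULL, e = 65537, 4-byte serial, issuer key
# the same size as the subject key.

def tlv(content_len: int) -> int:
    """Total size of a DER TLV: 1 tag byte + length bytes + content."""
    if content_len < 0x80:
        return 2 + content_len                      # short-form length
    n = (content_len.bit_length() + 7) // 8         # long form: 0x80|n, then n bytes
    return 2 + n + content_len

def der_uint(bits: int) -> int:
    """INTEGER holding a positive value whose top set bit is bit (bits - 1)."""
    return tlv(bits // 8 + 1)                       # +1: leading 0x00 or partial byte

def name(cn: str) -> int:
    """Name with one CN attribute: SEQUENCE { SET { SEQUENCE { OID, string } } }."""
    return tlv(tlv(tlv(tlv(3) + tlv(len(cn)))))     # OID 2.5.4.3 encodes to 3 bytes

ALG_ID = tlv(tlv(9) + tlv(0))                       # 9-byte PKCS#1 OID + NULL

def cert_len(rsa_bits: int, issuer_cn: str, subject_cn: str) -> int:
    """DER length of a certificate carrying only the fields shown in the dump."""
    rsa_pub = tlv(der_uint(rsa_bits) + tlv(3))      # modulus + exponent 01 00 01
    spki = tlv(ALG_ID + tlv(1 + rsa_pub))           # BIT STRING: 1 unused-bits byte
    tbs = tlv(
        tlv(tlv(1))                                 # [0] EXPLICIT version
        + tlv(4)                                    # serialNumber 0x4abc596d
        + ALG_ID                                    # signature algorithm
        + name(issuer_cn)
        + tlv(2 * tlv(13))                          # validity: two UTCTime values
        + name(subject_cn)
        + spki
    )
    signature = tlv(1 + rsa_bits // 8)              # BIT STRING of the RSA signature
    return tlv(tbs + ALG_ID + signature)

if __name__ == "__main__":
    for bits in (1024, 2048):
        print(bits, cert_len(bits, "common_name_issuer", "common_name"))
```

Against the 1500-byte packet size mentioned in the thread, a 691-byte certificate leaves 809 bytes before any IP, UDP, DTLS or RELOAD framing is counted.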