At 2:58 PM -0700 10/1/01, Jon Callas wrote:
>That's pretty much intentional; this is one of those cases where the
>correct decision of signing algorithm is DSA. RSA signatures are large.
>They're the size of the modulus, so for a 1024 bit key, a signature is 256
>bytes. DSA keys are twice the size of the hash, so they're 40 bytes. You
>can fit more of them in a syslog packet.
I realized as I was driving home tonight that I screwed the math up here.
1024/8 is 128, not 256. But still, it means that you can only fit 6-7
signatures in a packet.
Jon
