[cryptography] DKIM: Who cares?

Nicolai nicolai-cryptography at chocolatine.org
Wed Oct 24 23:07:08 EDT 2012


On Wed, Oct 24, 2012 at 07:57:54PM -0400, Matthew Green wrote:
> That's my impression. 

> Others have pointed out that 512 bits is a limit imposed by DNS/UDP text
> record sizes (much more and you need TCP). I don't know if that's
> accurate and I'm not sure it contradicts my first answer.

DNS imposes a limit of 512 bytes (not bits) on UDP packets.  Larger
packets are truncated and marked with the TC bit.  This signals the
resolver to retry using TCP.

512 bytes is more than enough for a TXT record containing a 1024-bit
key.

Nicolai
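The size argument above can be checked by building the packet. The following is an added example, not part of the original message: it constructs a minimal DNS answer carrying a DKIM TXT record and compares its length with the 512-byte UDP limit, going beyond the 1024-bit case to other key sizes. The query name, TTL, message ID and dummy modulus are constructed; the truncated reply is modelled as header plus question only, and EDNS0 is assumed absent.

```python
import base64
import struct

UDP_LIMIT = 512      # classic DNS-over-UDP message limit in bytes (no EDNS0)
TC_FLAG = 0x0200     # "truncated" bit in the DNS header flags word
QNAME = "selector._domainkey.example.com"    # constructed query name

def der(tag, body):
    n = len(body)
    size = (n.bit_length() + 7) // 8
    length = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + length + body

def der_int(value):
    # the extra byte yields the leading 0x00 DER needs when the top bit is set
    return der(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def dkim_txt(bits):
    """DKIM key record text for a dummy RSA key with a `bits`-bit modulus."""
    modulus = (1 << (bits - 1)) | 1              # placeholder, not a real key
    rsa_key = der(0x30, der_int(modulus) + der_int(65537))
    alg = der(0x30, bytes.fromhex("06092a864886f70d0101010500"))  # rsaEncryption, NULL
    spki = der(0x30, alg + der(0x03, b"\x00" + rsa_key))
    return b"v=DKIM1; k=rsa; p=" + base64.b64encode(spki)

def encode_name(name):
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"

def txt_response(bits):
    """Minimal authoritative answer: header, question, one TXT record."""
    txt = dkim_txt(bits)
    # TXT RDATA is a run of <length byte><up to 255 bytes> character-strings
    rdata = b"".join(bytes([len(txt[i:i + 255])]) + txt[i:i + 255]
                     for i in range(0, len(txt), 255))
    question = encode_name(QNAME) + struct.pack("!HH", 16, 1)      # TXT, IN
    answer = struct.pack("!HHHIH", 0xC00C, 16, 1, 300, len(rdata)) + rdata
    return struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0) + question + answer

def over_udp(bits):
    """What goes out over UDP: the full answer, or a TC=1 stub if too large."""
    full = txt_response(bits)
    if len(full) <= UDP_LIMIT:
        return full
    # assumption: the truncated reply keeps only the header and the question
    header = struct.pack("!HHHHHH", 0x1234, 0x8400 | TC_FLAG, 1, 0, 0, 0)
    return header + full[12:12 + len(encode_name(QNAME)) + 4]

def is_truncated(packet):
    return bool(struct.unpack("!H", packet[2:4])[0] & TC_FLAG)
```

With the constructed name, `txt_response(1024)` is 296 bytes, well inside the limit, while a 4096-bit key produces 818 bytes and `over_udp(4096)` returns the TC=1 stub that tells the resolver to retry over TCP.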


