[92482] in North American Network Operators' Group
Re: fyi-- [dns-operations] early key rollover for dlv.isc.org
daemon@ATHENA.MIT.EDU (Alexander Gall)
Fri Sep 22 05:10:01 2006
In-Reply-To: <20060921124141.6b55e0a0.smb@cs.columbia.edu>
From: Alexander Gall <gall@switch.ch>
To: "Steven M. Bellovin" <smb@cs.columbia.edu>
Cc: Paul Vixie <paul@vix.com>, nanog@merit.edu
Date: Fri, 22 Sep 2006 10:12:38 +0200
Errors-To: owner-nanog@merit.edu
On Thu, 21 Sep 2006 12:41:41 -0400, "Steven M. Bellovin" <smb@cs.columbia.edu> said:
> Paul, what exponent does the new key use? (I clicked on the public key
> link, but I can't decode the base64 that easily...)
Here's a fairly simple way to extract e:
$ for rdata in `dig dlv.isc.org. dnskey +short | awk '/257/ {print $4}'`; do echo $rdata | base64-decode | od -x -N4; done
0000000 0103 daa7
0000004
0000000 0301 0001
0000004
According to RFC2537 section 2, one of the KSKs of dlv.isc.org has e=3
and the other e=65537.
--
Alex
