On Mon 30/Oct/2023 20:44:20 +0100 Steffen Nurpmeso wrote:
I still think ED25519 is not gracefully supported by all DKIM implementations because you cannot use a stream based approach, but must load the entire data "in memory", it is a one-off algorithm.
Irrespective of what the advantage of simultaneous access the entire data would be, DKIM standardization of ed25519 keeps the same SHA256 hashing algorithms already used for RSA. It signs the hash as if it were the whole data. Neither I am a cryptographer. Does this usage break collision resistance properties of Schnorr signatures? I asked on stackexchange[*] but got no reply. Best Ale -- [*] https://crypto.stackexchange.com/questions/108206/curious-behavior-of-evp-digestsign-for-dkim _______________________________________________ Ietf-dkim mailing list Ietf-dkim@ietf.org https://www.ietf.org/mailman/listinfo/ietf-dkim
