Alessandro Vesely wrote in
 <c58b879f-fa1f-4970-8ecc-8d394efa6...@tana.it>:
 |On Mon 30/Oct/2023 20:44:20 +0100 Steffen Nurpmeso wrote:
 |> I still think ED25519 is not gracefully supported by all DKIM implementations
 |> because you cannot use a stream based approach, but must load the entire data
 |> "in memory", it is a one-off algorithm.
 |
 |Irrespective of what the advantage of simultaneous access the entire
 |data would be, DKIM standardization of ed25519 keeps the same SHA256
 |hashing algorithms already used for RSA.  It signs the hash as if it
 |were the whole data.

My point solely was, all the time, practically speaking, that any
DKIM software that has been updated to support the DKIM
Ed25519-SHA256 RFC 8463 from September 2018, should (MUST), to the
best of my knowledge, have been rewritten to load all the message
data into memory, because, please let me quote "man Ed25519"
(7ssl):

  NOTES
       The PureEdDSA algorithm does not support the streaming mechanism
       of other signature algorithms using, for example,
       EVP_DigestUpdate().  The message to sign or verify must be passed
       using the one‐shot EVP_DigestSign() and EVP_DigestVerify()
       functions.

I want to point out that any such software should therefore
actually *be* the best possible representation of, like i said in
<20230814202928.ufult%stef...@sdaoden.eu>,

  You save a lot by doing DKIM-only of course.  I think you are
  exaggerating a bit.  I for myself think quite the opposite,
  especially if, say, an actual DKIM implementation simply walks
  over in-memory objects, and sending out a mail is a matter of
  dump-to-wire.

regarding my idea of DKIM-Backup: to turn DKIM into
a cryptographically verifiable sender->receiver chain, as well as,
and especially, the work-out of Dave Crocker's idea (that turned
out to have possibly been an idea of Mr. Kucherawy, written down
in a "stale RFC") to embed SMTP-addressed receivers in emails via
DKIM-B?Subsignature: (<20230812193147._esnc%stef...@sdaoden.eu>).
The latter of which would, as far as i did think, address the
current problem description of the IETF DKIM group, DKIM replay.

 |Neither I am a cryptographer.  Does this usage break collision resistance
 |properties of Schnorr signatures?  I asked on stackexchange[*] but
 |got no reply.

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim
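
The construction named in the quoted text above (SHA-256 over the data, then Ed25519 over the resulting hash, as in RFC 8463), sketched in Go as an added example; it is not code from either poster or from any DKIM implementation. The function names, the sample headers and body, and the all-zero key seed are constructed for illustration, and canonicalization is left out.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"io"
	"strings"
)

// streamHash feeds r through SHA-256 in 64-byte chunks, so memory use is
// bounded by the buffer and not by the message size.
func streamHash(r io.Reader) []byte {
	h, buf := sha256.New(), make([]byte, 64)
	for {
		n, err := r.Read(buf)
		h.Write(buf[:n])
		if err == io.EOF {
			return h.Sum(nil)
		}
		if err != nil {
			panic(err) // never sign a hash of partially read data
		}
	}
}

// dataHash follows the RFC 6376 order: body hash first, then a hash over the
// signed header fields plus a DKIM-Signature field carrying bh= (simplified).
func dataHash(headers string, body io.Reader) []byte {
	bh := base64.StdEncoding.EncodeToString(streamHash(body))
	sigField := "dkim-signature:v=1; a=ed25519-sha256; bh=" + bh + "; b="
	return streamHash(strings.NewReader(headers + sigField))
}

// runDemo signs a constructed message, then verifies it intact and tampered.
// The only one-shot call is Ed25519 over the 32-byte digest.
func runDemo() (okIntact, okTampered bool, sigLen int) {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // all-zero test seed
	pub := priv.Public().(ed25519.PublicKey)
	headers := "from:alice@example.org\r\nsubject:test\r\n" // constructed sample
	body := strings.Repeat("a line of body text\r\n", 5000) // constructed sample
	sig := ed25519.Sign(priv, dataHash(headers, strings.NewReader(body)))
	okIntact = ed25519.Verify(pub, dataHash(headers, strings.NewReader(body)), sig)
	okTampered = ed25519.Verify(pub, dataHash(headers, strings.NewReader(body+"x")), sig)
	return okIntact, okTampered, len(sig)
}

func main() { fmt.Println(runDemo()) }
```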