On Fri, 11 Jul 2025, Alessandro Vesely wrote:
> But why multiple signatures? Is it to let verifiers choose what algorithm they prefer?

No, it's so that signers can sign without having to know what algorithm(s) the verifiers can handle.

For existing DKIM, I'm not surprised that nobody uses ed25519. RSA signatures work fine, and the lower cost of ed25519 signatures isn't usually worth the hassle of switching. Also, the widely used opendkim library is abandonware and only supports RSA.

For DKIM2 there are going to be new signing and verification libraries, so we might as well start with the best current scheme, which is ed25519. We expect that sometime in the next decade people will want to use quantum-resistant signatures, which is why we include a way to switch.

Regards,
John Levine, [email protected], Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
