Re: [mailop] DKIM: ed22519 experiences anyone?

Tue, 16 Feb 2021 01:49:59 -0800 

mailauth (https://github.com/andris9/mailauth) library and cli utility can
also be used to both verify and sign using Ed25519 DKIM keys. Can't see
those keys to become mainstream any time soon though. RSA signature already
verifies the message so double signing is basically just for testing
purposes but has no practical effect. Probably happens once 2048bit keys
are considered too weak and 4096bit keys are just too long for DNS.

Regards,
Andris Reinman

Kontakt Patrick Ben Koetter via mailop (<mailop@mailop.org>) kirjutas
kuupäeval T, 16. veebruar 2021 kell 09:50:

> Hey Vsevolod!
>
> * Vsevolod Stakhov via mailop <vsevo...@rspamd.com>:
> > On 15/02/2021 21:02, John Levine via mailop wrote:
> > > In article <20210215085929.76srgtpbaqbms...@sys4.de> you write:
> > >> Greetings,
> > >>
> > >> is anyone using ed22519 for DKIM signatures yet and what do you see?
> Any
> > >> interop problems?
> > >
> > > Aside from the fact that approximately nobody can validate them yet,
> they're fine.
> > >
> > > So long as you don't try to use the same selector you use with RSA
> signatures
> > > they shouldn't cause any problems.
>
> ACK! After some consideration we agreed not to use subdomains of
> _domainkey.$DOMAIN.$TLD, but add the algo name as suffix to the selector.
>
>
> > Well, Rspamd can validate them, but I'd suggest to use dual signatures
> > for now (RSA + ed25519) when signing - it is also supported by Rspamd
> > dkim_signing module, even for the keys rotation scenario.
>
> I agree! Another standard withou a mechanism to tell feature sets apart.
> We'll
> have to live with two signatures for an undefined period, until someone
> steps
> up and forces senders to implement the "replacing feature", because the old
> one will fall away on the receiving end.
>
> p@rick
>
> --
> [*] sys4 AG
>
> https://sys4.de, +49 (89) 30 90 46 64
> Schleißheimer Straße 26/MG,80333 München
>
> Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
> Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
> Aufsichtsratsvorsitzender: Florian Kirstein
>
> _______________________________________________
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>

_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Reply via email to