Oh I was only speaking to the concept of handling multiple signatures, not the processing of a new crypto algorithm.
________________________________________
From: Alessandro Vesely <ves...@tana.it>
Sent: Thursday, December 21, 2023 10:05 AM
To: Mike Hillyer; mailop@mailop.org; John R Levine
Subject: Re: [mailop] ECDSA DKIM validation?

On Thu 21/Dec/2023 14:53:55 +0100 Mike Hillyer via mailop wrote:
> John Said:
>
>> I'm sure that Google has code somewhere that can validate ED25519
>> signatures. But that does not mean that it would be a good idea for them
>> to use that code in production today and try to update their reputation
>> systems to deal with the dual signing that implies.
>
> With the number of messages already arriving with multiple DKIM signatures I
> can't imagine their reputation systems don't already handle dual signing just
> fine.

Google keep reporting <result>fail</result> for ed25519 signatures. Ditto for Comcast. Yahoo say <result>permerror</result>, like Verizon. Microsoft don't even mention that selector...

It seems only (few) small servers dare implementing ed25519. I don't understand why. The meaning of signatures is not altered by the a= tag, so updating a reputation system in order to accommodate a different verification algorithm should only require a small, localized change. Not a staggering defeat. What am I missing?

Best
Ale
--

_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
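
An added example, not part of either message above: a sender who dual-signs can tally the `<result>` values that receivers put in DMARC aggregate reports, per selector, to see how each one treats the ed25519 signature. The report text, reporter name, domain and selector names are constructed placeholders, and the function names are this example's own.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample in the DMARC aggregate report layout (RFC 7489);
# reporter, domain and selectors are placeholders, not values from the thread.
SAMPLE_REPORT = """<feedback>
<report_metadata><org_name>receiver.example</org_name></report_metadata>
<record><row><count>7</count></row><auth_results>
<dkim><domain>example.org</domain><selector>rsa2023</selector><result>pass</result></dkim>
<dkim><domain>example.org</domain><selector>ed2023</selector><result>fail</result></dkim>
</auth_results></record>
<record><row><count>3</count></row><auth_results>
<dkim><domain>example.org</domain><selector>rsa2023</selector><result>pass</result></dkim>
<dkim><domain>example.org</domain><selector>ed2023</selector><result>permerror</result></dkim>
</auth_results></record>
</feedback>"""

def local(tag):
    """Strip an XML namespace, since some reporters add one and some do not."""
    return tag.rsplit("}", 1)[-1]

def child(el, name):
    return next((c for c in el if local(c.tag) == name), None)

def text(el, name, default=""):
    c = child(el, name) if el is not None else None
    return c.text.strip() if c is not None and c.text else default

def dkim_results_by_selector(xml_text):
    """Return Counter[(reporter, domain, selector, result)] weighted by <count>."""
    # Reports arrive by mail from third parties: refuse DTDs and entities.
    # (A hardened parser such as defusedxml is the stronger choice.)
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not expected in a report")
    root = ET.fromstring(xml_text)
    reporter = text(child(root, "report_metadata"), "org_name", "unknown")
    tally = Counter()
    for record in (c for c in root if local(c.tag) == "record"):
        count = int(text(child(record, "row"), "count", "1"))
        auth = child(record, "auth_results")
        for sig in ([] if auth is None else auth):
            if local(sig.tag) == "dkim":  # one element per evaluated signature
                key = (reporter, text(sig, "domain"),
                       text(sig, "selector", "(none)"),
                       text(sig, "result", "none").lower())
                tally[key] += count
    return tally

if __name__ == "__main__":
    for key, n in sorted(dkim_results_by_selector(SAMPLE_REPORT).items()):
        print(n, *key)
```

A selector that never appears in a reporter's tally corresponds to the case where the receiver does not mention that signature at all.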