Viktor Dukhovni via mailop <mailop@mailop.org> wrote:
> On Mon, Nov 18, 2024 at 01:08:19PM +0000, Gellner, Oliver via mailop wrote:
>> On 18.11.2024 at 13:33 Fehlauer, Norbert via mailop wrote:

>>> is using ECC certificates for SMTP TLS (sending/receiving) something
>>> that's a common thing nowadays or does that involve the risk of not
>>> being reached via SMTP TLS at all from the majority of senders?
> 
> Yes, ECC certs are generally interoperable, but there is a small
> elevated risk of problems in comparison with RSA.
> 
>> This is a certificate currently used by one of Gmail's MX:
>> https://crt.sh/?id=15026159353 ECC should be supported in all
>> libraries since a couple of years, so it depends how often your MTA
>> receives wanted messages from very old software stacks. If you need
>> maximum compatibility, you should stay with RSA.
> 
> +1.  Saving a few bytes transmitting certs is not that compelling with
> SMTP, so there's a reasonable case for sticking with RSA.

Or provide both RSA and ECC certificates if the MTA in question supports it [1].

[1] smtpd_tls_chain_files in the case of postfix

Regards,
Michael


_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
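
The dual-certificate setup suggested in the last message, as an added example that is not part of the original thread. The file paths are hypothetical; `smtpd_tls_chain_files` requires Postfix 3.4 or later.

```cfg
# /etc/postfix/main.cf (fragment; paths below are hypothetical)

# Each file is PEM and holds one private key followed immediately by the
# matching certificate chain (leaf first, then intermediates).
# Listing an RSA chain and an ECDSA chain lets the server pick whichever
# the connecting client's TLS stack can handle, so older RSA-only senders
# still get an encrypted session.
smtpd_tls_chain_files =
    /etc/postfix/tls/rsa-chain.pem,
    /etc/postfix/tls/ecdsa-chain.pem

# The files contain private keys: keep them owned by root and not
# group- or world-readable (for example mode 0600).

# When smtpd_tls_chain_files is non-empty it overrides the legacy
# per-algorithm parameters, shown here only for comparison:
#   smtpd_tls_cert_file   = /etc/postfix/tls/rsa-cert.pem
#   smtpd_tls_key_file    = /etc/postfix/tls/rsa-key.pem
#   smtpd_tls_eccert_file = /etc/postfix/tls/ecdsa-cert.pem
#   smtpd_tls_eckey_file  = /etc/postfix/tls/ecdsa-key.pem
```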
