One. Last. Message. Of mine. And sorry for all this mostly off-topic noise.
Steffen Nurpmeso wrote in
 <20240306214948.V5gSjSiU@steffen%sdaoden.eu>:
 |Steffen Nurpmeso via Postfix-users wrote in
 | <20231030191124.5ou-x%[email protected]>:
 ||It seems to me there is not much interest of mail operators in
 ||stepping to ed25519, reducing the payload of DNS and email?
 ||I know dkimpy supports it (and more -- but is python, uuuh!) for
 ||long, but OpenDKIM is unchanged for eight years.  (At least my
 ||sf.net import from 2017-09-23 still stands.)
 |
 |So now that i have DKIM myself i tested.
 |And *no* verification software i can reach actually supports
 |Ed25519-sha256 as of RFC 8463 from September 2018!
 |It is even *worse* than that.
 |
 | - Google: at least reaches out to the RSA signature and verifies
 |   that, it ignores the other one saying "no key".
 |
 | - Microsoft: fails the DKIM test if a RFC 8463 signature is
 |   present, no matter whether first or last!!!
 |   Is this *really* true?  That is really bad.

+ It even actively fails SHA1 DKIM signatures.
  I know these are deprecated, but if i use a rsa-sha1 and a
  rsa-sha256 signature in that order:

  Authentication-Results: spf=pass (sender IP is 217.144.132.164)
   smtp.mailfrom=sdaoden.eu; dkim=fail (body hash did not verify)
   header.d=sdaoden.eu;dmarc=bestguesspass action=none
   header.from=sdaoden.eu;compauth=pass reason=109

  The *very*same* message/-checksum passes Google:

  Authentication-Results: mx.google.com;
   dkim=pass (test mode) [email protected] header.s=lemon header.b=meYlPkTE;
   dkim=pass (test mode) [email protected] header.s=citron header.b=Cehr1W9z;
   spf=pass (google.com: domain of [email protected] designates 217.144.132.164 as permitted sender) [email protected]

  Looking at that.  Say, the Microsoft Authentication-Results: does
  not denote its own domain name, no?  I.e. i could not strip it.
  I have not read RFC 8601 for far too long to know, though.
  They do not look at the h=sha1 of the DNS record, do they.
  They do not look at the a= of the DKIM signature.
 | - The software this list uses (rspamd i think): fails if the
 |   Ed25519 signature is first, aka does not reach out.  (Which it
 |   should, says DKIM, does it.  The DKIM standard is
 |   *fantastic*!)  It at least succeeds if the RSA is first.
 |
 |What a mess.  Even though explicitly envisioned in the DKIM
 |standard, it seems to me one cannot simply create two signatures,
 |as i wanted to do.  (For a while, at least; until i see Ed is
 |supported anywhere.  I had no plan, actually.)
 |
 |So as of today DKIM interoperability seems to mean:
 |
 | - Place a single signature.
 |
 | - It must be RSA-sha256.  And exactly only that.

 |RFC 6376 surely would have deserved something better.

Good night, greetings, and Ciao from Germany,

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
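The question raised in the message above, whether a receiver's Authentication-Results header carries an authserv-id (RFC 8601 section 2.2) and can therefore be attributed to and stripped by a given MTA (section 5), can be checked mechanically. The following is an added example, not code from the message, from Postfix, rspamd or any of the providers discussed: a small Authentication-Results parser run over the two headers quoted above. The two header strings are constructed here from the quoted values; tokens that the list archive redacted are omitted, and the function names and the dictionary layout are my own.

```python
import re

# Constructed sample 1: the Microsoft header quoted in the message.
# Note it begins directly with "spf=pass" and carries no authserv-id.
MS_HEADER = (
    "spf=pass (sender IP is 217.144.132.164) smtp.mailfrom=sdaoden.eu; "
    "dkim=fail (body hash did not verify) header.d=sdaoden.eu;"
    "dmarc=bestguesspass action=none header.from=sdaoden.eu;"
    "compauth=pass reason=109"
)

# Constructed sample 2: the Google header quoted in the message, with the
# tokens the archive redacted left out (only header.s/header.b are kept).
GOOGLE_HEADER = (
    "mx.google.com; "
    "dkim=pass (test mode) header.s=lemon header.b=meYlPkTE; "
    "dkim=pass (test mode) header.s=citron header.b=Cehr1W9z; "
    "spf=pass (google.com: designates 217.144.132.164 as permitted sender)"
)

_COMMENT = re.compile(r"\([^()]*\)")


def strip_comments(value: str) -> str:
    """Remove CFWS comments; loop so nested "(a (b))" is fully removed."""
    while True:
        stripped = _COMMENT.sub(" ", value)
        if stripped == value:
            return value
        value = stripped


def parse_authres(value: str) -> dict:
    """Parse an Authentication-Results field body (RFC 8601 section 2.2).

    Returns {"authserv_id": str | None, "results": [ {method, result, props} ]}.
    authserv_id is None when the header does not start with one, which
    RFC 8601 requires but which the first sample header lacks.
    """
    stanzas = [s.strip() for s in strip_comments(value).split(";")]
    stanzas = [s for s in stanzas if s]
    authserv_id = None
    if stanzas and "=" not in stanzas[0].split()[0]:
        # First stanza is "authserv-id [version]" rather than "method=result".
        authserv_id = stanzas[0].split()[0]
        stanzas = stanzas[1:]
    results = []
    for stanza in stanzas:
        if stanza == "none":  # "authserv-id; none" means no checks were done
            continue
        tokens = stanza.split()
        method, _, result = tokens[0].partition("=")
        props = {}
        for tok in tokens[1:]:
            key, _, val = tok.partition("=")
            props[key] = val
        results.append({"method": method, "result": result, "props": props})
    return {"authserv_id": authserv_id, "results": results}


def method_results(parsed: dict, method: str) -> list:
    """All result values recorded for one method, in header order."""
    return [r["result"] for r in parsed["results"] if r["method"] == method]


def attributable_to(parsed: dict, authserv_id: str) -> bool:
    """True if the header claims the given authserv-id.

    RFC 8601 section 5 has a border MTA remove inbound headers that claim
    its own authserv-id; a header with no authserv-id can never be matched
    this way, so nothing downstream can tell who produced it.
    """
    return parsed["authserv_id"] is not None and parsed["authserv_id"] == authserv_id


if __name__ == "__main__":
    for name, hdr in (("microsoft", MS_HEADER), ("google", GOOGLE_HEADER)):
        p = parse_authres(hdr)
        print(name, "authserv-id:", p["authserv_id"], "dkim:", method_results(p, "dkim"))
```

Running the block shows the asymmetry the message observes: the Google header is attributable to `mx.google.com` and records two independent `dkim=pass` results (selectors `lemon` and `citron`), while the Microsoft header has no authserv-id at all, records a single `dkim=fail`, and names neither the selector nor the algorithm that failed, so from the header alone a receiver cannot tell which of the two signatures was evaluated.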
