Hi,

I would like to ask you to consider the possibility of defining a DKIM
signature using Ed448. The current Ed25519 has a security equivalent of
125b, Ed448 has a security equivalent of 224b, yet their total length is
acceptable in terms of the DNS packet size. The load generated by the
signature algorithm is higher, but it still works better in relation to
the corresponding security equivalent for RSA. Moreover, an RSA
algorithm with the corresponding strength will be challenging to
transfer within the DNS response.

- the key for Ed448 has 56B, after transcoding to Base64 then 76B
- the key for Ed25519 has 32B, after transcoding to Base64 then 44B

The mechanism for Ed448 is part of the definition of TLS 1.3, FIPS 186-5
as well as eIDAS and ETSI (TS 103523).

Regards
Jan
_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim
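
The DNS size argument in the message above, worked through as an added example (not part of the original post): it builds DKIM key records and measures the TXT RDATA each one needs. Assumptions: the "k=ed448" tag is hypothetical and carries the raw public key the way RFC 8463 does for Ed25519, the RSA sizes are sample values (NIST SP 800-57 pairs 3072, 7680 and 15360 bits with 128, 192 and 256-bit strength), and all key bytes are constructed placeholders of the right length.

```python
import base64

# DER bytes for the rsaEncryption OID (1.2.840.113549.1.1.1) followed by NULL parameters
RSA_ALG = bytes.fromhex("06092a864886f70d0101010500")

def der(tag, content):
    """Encode one DER TLV with a definite length."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content

def der_uint(value):
    """DER INTEGER; the extra octet keeps values with the top bit set positive."""
    return der(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def rsa_spki(bits):
    """SubjectPublicKeyInfo with a constructed all-ones modulus: right size, not a usable key."""
    rsa_pub = der(0x30, der_uint((1 << bits) - 1) + der_uint(65537))
    return der(0x30, der(0x30, RSA_ALG) + der(0x03, b"\x00" + rsa_pub))

def dkim_txt(k_tag, key_bytes):
    """Return (Base64 length, TXT RDATA length, count of <=255-octet strings)."""
    p = base64.b64encode(key_bytes).decode()
    text = f"v=DKIM1; k={k_tag}; p={p}"
    strings = -(-len(text) // 255)  # ceiling; each string costs one length octet
    return len(p), len(text) + strings, strings

def survey():
    keys = {
        "ed25519": ("ed25519", bytes(32)),  # RFC 8463: raw 32-octet key
        "ed448": ("ed448", bytes(57)),      # hypothetical tag; RFC 8032 encoding is 57 octets
    }
    for bits in (2048, 3072, 7680, 15360):
        keys[f"rsa-{bits}"] = ("rsa", rsa_spki(bits))
    return {name: dkim_txt(tag, key) for name, (tag, key) in keys.items()}

if __name__ == "__main__":
    print(f"{'key':<10} {'base64':>7} {'rdata':>6} {'strings':>8}  vs 512 / 1232 octets")
    for name, (b64, rdata, strings) in survey().items():
        fit = "under 512" if rdata < 512 else "under 1232" if rdata < 1232 else "over 1232"
        print(f"{name:<10} {b64:>7} {rdata:>6} {strings:>8}  {fit}")
```

The 512 and 1232 octet marks are the classic DNS UDP limit and the commonly recommended EDNS buffer size; the figures cover the RDATA only, so a full response is larger by the header, question and owner name.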