--- Forwarded from Steffen Nurpmeso <stef...@sdaoden.eu> ---
Date: Wed, 06 Mar 2024 22:49:48 +0100
Author: Steffen Nurpmeso <stef...@sdaoden.eu>
From: Steffen Nurpmeso <stef...@sdaoden.eu>
...
Subject: Re: [pfx] Recommendation for dkim signing
Message-ID: <20240306214948.V5gSjSiU@steffen%sdaoden.eu>
...

...
So now that i have DKIM myself i tested.
And *no* verification software i can reach actually supports
Ed25519-sha256 as of RFC 8463 from September 2018!
It is even *worse* than that.

  - Google: at least reaches out to the RSA signature and verifies
    that, it ignores the other one saying "no key".

  - Microsoft: fails the DKIM test if an RFC 8463 signature is
    present, no matter whether first or last!!!
    Is this *really* true?  That is really bad.

  - The software this list uses (rspamd i think): fails if the
    Ed25519 signature is first, aka does not reach out.  (Which it
    should, says DKIM, does it.  The DKIM standard is
    *fantastic*!)  It at least succeeds if the RSA is first.

What a mess.  Even though explicitly envisioned in the DKIM
standard, it seems to me one cannot simply create two signatures,
as i wanted to do.  (For a while, at least; until i see Ed is
supported anywhere.  I had no plan, actually.)

So as of today DKIM interoperability seems to mean:

  - Place a single signature.

  - It must be RSA-sha256.

RFC 6376 surely would have deserved something better.

  ...
 -- End forward <20240306214948.V5gSjSiU@steffen%sdaoden.eu>

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)

_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim
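
Added example, not part of the forwarded message: a Python check that lists a message's DKIM-Signature algorithms in header order and flags the combinations the message above reports as failing at some verifiers. Assumptions: "first" is taken to mean topmost in the header block, and the sample message, domain, selectors and finding names are constructed.

```python
import email
from email import policy

# Constructed sample: two signatures, Ed25519 at the top. Domain, selectors
# and the bh=/b= values are placeholders, not real signatures.
SAMPLE = (
    b"DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed;\r\n"
    b"\td=example.org; s=ed-placeholder; h=from:to:subject;\r\n"
    b"\tbh=PLACEHOLDER; b=PLACEHOLDER\r\n"
    b"DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;\r\n"
    b"\td=example.org; s=rsa-placeholder; h=from:to:subject;\r\n"
    b"\tbh=PLACEHOLDER; b=PLACEHOLDER\r\n"
    b"From: a@example.org\r\nTo: b@example.net\r\nSubject: test\r\n\r\nbody\r\n"
)

def parse_tags(value):
    """Split an RFC 6376 tag-list into a dict, dropping folding whitespace."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:  # skip the empty piece after a trailing ';'
            tags[name.strip()] = "".join(val.split())
    return tags

def dkim_signatures(raw):
    """Return the tag dict of every DKIM-Signature header, top to bottom."""
    msg = email.message_from_bytes(raw, policy=policy.compat32)
    return [parse_tags(v) for v in msg.get_all("DKIM-Signature", [])]

def audit(raw):
    """Return (algorithms in header order, finding codes for this message)."""
    algs = [s.get("a", "").lower() for s in dkim_signatures(raw)]
    findings = []
    if "rsa-sha256" not in algs:
        findings.append("no-rsa-sha256")        # nothing widely verifiable
    if "ed25519-sha256" in algs:
        findings.append("ed25519-present")      # reported above to fail at one verifier
    if algs and algs[0] == "ed25519-sha256":
        findings.append("ed25519-first")        # reported above to fail at another
    if len(algs) > 1:
        findings.append("multiple-signatures")  # departs from "a single signature"
    return algs, findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```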
