--- Forwarded from Steffen Nurpmeso <stef...@sdaoden.eu> ---
Date: Wed, 06 Mar 2024 22:49:48 +0100
Author: Steffen Nurpmeso <stef...@sdaoden.eu>
From: Steffen Nurpmeso <stef...@sdaoden.eu>
...
Subject: Re: [pfx] Recommendation for dkim signing
Message-ID: <20240306214948.V5gSjSiU@steffen%sdaoden.eu>
...
...

So now that i have DKIM myself i tested. And *no* verification
software i can reach actually supports Ed25519-sha256 as of
RFC 8463 from September 2018!

It is even *worse* than that.

- Google: at least reaches out to the RSA signature and verifies
  that, it ignores the other one saying "no key".

- Microsoft: fails the DKIM test if an RFC 8463 signature is
  present, no matter whether first or last!!!
  Is this *really* true? That is really bad.

- The software this list uses (rspamd i think): fails if the
  Ed25519 signature is first, aka does not reach out.
  (Which it should, says DKIM, does it. The DKIM standard is
  *fantastic*!)
  It at least succeeds if the RSA is first.

What a mess. Even though explicitly envisioned in the DKIM
standard, it seems to me one cannot simply create two signatures,
as i wanted to do. (For a while, at least; until i see Ed is
supported anywhere. I had no plan, actually.)

So as of today DKIM interoperability seems to mean:

- Place a single signature.
- It must be RSA-sha256.

RFC 6376 surely would have deserved something better.
...
-- End forward <20240306214948.V5gSjSiU@steffen%sdaoden.eu>

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)

_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim
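
Added example, not part of the forwarded message: a small Python check that lists a message's DKIM-Signature headers in order with their a= algorithm and flags the layouts the message above reports as failing at some verifiers. The domain, selectors and bh=/b= values are constructed placeholders, and the flags encode that report rather than any rule in RFC 6376 or RFC 8463.

```python
import email
from email import policy

# Constructed sample: two signatures, Ed25519 first. The domain, selectors
# and bh=/b= values are placeholders, not real keys or signatures.
SAMPLE = (
    "DKIM-Signature: v=1; a=ed25519-sha256; d=example.org; s=ed2024;\r\n"
    " h=from:to:subject; bh=PLACEHOLDER=; b=PLACEHOLDER\r\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.org; s=rsa2024;\r\n"
    " h=from:to:subject; bh=PLACEHOLDER=; b=PLACE\r\n HOLDER\r\n"
    "From: a@example.org\r\nTo: b@example.net\r\nSubject: test\r\n\r\nbody\r\n"
)

def parse_tag_list(value):
    """Parse an RFC 6376 tag-list ("tag=value; tag=value") into a dict."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            # Header folding may split a value; that whitespace is dropped.
            tags[name.strip()] = "".join(val.split())
    return tags

def dkim_signatures(raw):
    """Return (algorithm, domain, selector) per signature, in header order."""
    msg = email.message_from_string(raw, policy=policy.compat32)
    sigs = []
    for value in msg.get_all("DKIM-Signature", []):
        tags = parse_tag_list(value)
        sigs.append((tags.get("a", "").lower(), tags.get("d"), tags.get("s")))
    return sigs

def interop_notes(sigs):
    """Flag the layouts that the message above reports as causing failures."""
    algs = [alg for alg, _, _ in sigs]
    notes = []
    if "ed25519-sha256" in algs:
        notes.append("ed25519-sha256 signature present")
    if algs and algs[0] != "rsa-sha256":
        notes.append("first signature is not rsa-sha256")
    if "rsa-sha256" not in algs:
        notes.append("no rsa-sha256 signature")
    return notes

if __name__ == "__main__":
    sigs = dkim_signatures(SAMPLE)
    print(sigs, interop_notes(sigs))
```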