On Thu, Mar 7, 2024 at 1:05 PM A. Schulze <sca= 40andreasschulze...@dmarc.ietf.org> wrote:
> I enabled double signing years ago on my personal domain and last year at
> a medium-scale ESP.
> So far, we didn't notice negative effects.
> Intentionally I removed SPF on my personal domain last year, also without
> any delivery issues.
>
> I also validate both signatures if present but didn't keep any statistics.
>
> One interesting point is the signature order. Without specific reasons I
> sign rsa first, then ed25519.
> This message is the first I send with the opposite order: ed25519 first,
> then rsa.
> Let's see what will happen... My naive assumption: order doesn't matter.
>

Section 4.2 of RFC 6376 is pretty nebulous about this. You can do them in any order, and you can stop after you get one that you like based on whatever local policy you choose or do them all.

Given the time that's passed since RFC 8463 was published, I'd expect to have heard that order matters in one way or another if indeed it does. The absence of such experience might be telling.

-MSK
_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim