Dňa 20. apríla 2023 16:43:45 UTC používateľ John Levine via mailop <mailop@mailop.org> napísal:
>As far as I know nobody has implemented the elliptic signatures in RFC 8463 >other >than for testing. Same reason. Are you sure that nobody? I do dual sign for about 2 years already. I start to log DKIM signature types only some weeks ago, but i see some Ed25519 algos already in logs (other than my own). From time to time i see success Ed25519 DKIM verification in DMARC reports too. But yes, no one big email player does it, nor sign, nor verify. And many does it wrong -- the Ed25519 failed and RSA success (thus i guess that they fails to ignore unsupported signature algo). AFAIK, at least the exim & rspamd both supports Ed25519 DKIM, for both -- the signature & verifying, thus anybody using it supports both algos without any effort (for verify) from admin side. For sign they both use different key format, that is a little complication, but as all will do sign only in one of them, that doesn't matter... I don't want to feed the conspiracy about backdoors in RSA, but that lack of Ed25519 support (on verify side) from big players is IMO interesting... regards -- Slavko https://www.slavino.sk/ _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
