On Tue 19/Dec/2023 22:12:28 +0100 Gellner, Oliver via mailop wrote:
On 19.12.2023 at 12:19 Alessandro Vesely via mailop wrote:
On Tue 19/Dec/2023 09:21:55 +0100 Taavi Eomäe wrote:
Considering how Gmail and quite a few widespread DKIM implementations still 
don't support EdDSA DKIM, I wouldn't get my hopes too high.

Won't any Google insider shed some light on why a generally technically sound 
company lags like that?

I'm not an insider but I could imagine that DKIM signatures which use EdDSA and ECDSA are solutions to a problem that has not yet been discovered. 2048-bit RSA keys are small *enough* and fast *enough*. As long as they can be considered secure it's a waste of resources to run a dual DKIM setup for years or possibly decades.

RFC 8463 still reads out:

   Signers SHOULD implement and verifiers MUST implement the
   Ed25519-SHA256 algorithm.

Key and signature lengths are *quite* different. Considering that any crypto library a filter loads by now certainly includes ed25519 code anyway, what resources would a dual DKIM setup waste? The difference is just a couple of calls.

It is a waste of resources to force continued usage of the longer keys...

