On Thu 21/Dec/2023 10:37:52 +0100 John Levine via mailop wrote:
It appears that Alessandro Vesely via mailop <ves...@tana.it> said:
RFC 8463 still reads out:
Signers SHOULD implement and verifiers MUST implement the
Ed25519-SHA256 algorithm.
Implement is not a synonym for use.
Yes, your code should handle them. No, that doesn't mean you should sign with
them.
Yup. The question was why Gmail doesn't /verify/ ed25519 signatures.
Answering that they do so because it's not necessary to use them doesn't sound
real. That way, they are damaging the halo of steady innovators that their
pushing on authentication might evoke...
Best
Ale
--
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop