On Thu 21/Dec/2023 10:37:52 +0100 John Levine via mailop wrote:
Yes, your code should handle them. No, that doesn't mean you should sign
with them.
Yup. The question was why Gmail doesn't /verify/ ed25519 signatures.
Answering that they do so because it's not necessary to use them doesn't
sound real. That way, they are damaging the halo of steady innovators that
their pushing on authentication might evoke...
Sorry, but I don't understand what you are saying.
I'm sure that Google has code somewhere that can validate ED25519
signatures. But that does not mean that it would be a good idea for them
to use that code in production today and try to update their reputation
systems to deal with the dual signing that implies.
As I've said several times, unless there is a cryptographic problem with
RSA, there is no reason to *use* any other kind of signature.
R's,
John
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop