On 2023/12/21 11:44, John R Levine via mailop wrote:
> > On Thu 21/Dec/2023 10:37:52 +0100 John Levine via mailop wrote:
> > > Yes, your code should handle them.  No, that doesn't mean you should
> > > sign with them.
> > 
> > Yup.  The question was why Gmail doesn't /verify/ ed25519 signatures.
> > Answering that they do so because it's not necessary to use them doesn't
> > sound real.  That way, they are damaging the halo of steady innovators
> > that their pushing on authentication might evoke...
> 
> Sorry, but I don't understand what you are saying.
> 
> I'm sure that Google has code somewhere that can validate ED25519
> signatures.  But that does not mean that it would be a good idea for them to
> use that code in production today and try to update their reputation systems
> to deal with the dual signing that implies.
> 
> As I've said several times, unless there is a cryptographic problem with
> RSA, there is no reason to *use* any other kind of signature.

If you've had to talk someone not very technical through adding a DKIM
RSA key to a poorly implemented web interface from some cheap DNS
provider that doesn't handle long TXT records, you might feel
differently.

There is often a workaround in that case - using 1024 bit keys - but
then there *is* a cryptographic problem.

_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
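
The size problem raised in the reply above, as an added Python example (not part of the original message or of any mail software's code): it measures a DKIM TXT record against the 255-octet TXT string limit and flags RSA keys under 2048 bits. Function names are hypothetical, the RSA keys are constructed SPKI-shaped DER with a filler modulus, and the 2048-bit threshold is an assumption that follows the reply's point about 1024-bit keys.

```python
import base64
MAX_TXT_STRING = 255  # RFC 1035: one TXT character-string carries at most 255 octets

def _tlv(tag, body):  # DER-encode one element with a definite length
    raw = len(body).to_bytes((len(body).bit_length() + 7) // 8 or 1, "big")
    length = raw if len(body) < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body

def constructed_rsa_spki(bits):
    """Constructed sample: SPKI-shaped DER with a filler modulus, not a usable key."""
    mod = b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    rsa_key = _tlv(0x30, _tlv(0x02, mod) + _tlv(0x02, b"\x01\x00\x01"))
    alg = _tlv(0x30, bytes.fromhex("06092a864886f70d010101") + b"\x05\x00")
    return _tlv(0x30, alg + _tlv(0x03, b"\x00" + rsa_key))

def _read(der, pos):  # -> (value_start, value_end) of the DER element at pos
    n, pos = der[pos + 1], pos + 2
    if n & 0x80:                      # long form: low 7 bits give the length size
        k = n & 0x7F
        n, pos = int.from_bytes(der[pos:pos + k], "big"), pos + k
    return pos, pos + n

def rsa_modulus_bits(spki):
    start, _ = _read(spki, 0)          # outer SEQUENCE
    _, after_alg = _read(spki, start)  # skip AlgorithmIdentifier
    start, _ = _read(spki, after_alg)  # BIT STRING
    start, _ = _read(spki, start + 1)  # skip unused-bits octet, enter RSAPublicKey
    s, e = _read(spki, start)          # INTEGER modulus
    return int.from_bytes(spki[s:e], "big").bit_length()

def audit_dkim_txt(record):
    """Report key size and how many TXT strings the record needs."""
    tags = dict(t.strip().split("=", 1) for t in record.split(";") if "=" in t)
    key = base64.b64decode(tags["p"])
    if tags.get("k", "rsa") == "ed25519":
        bits, weak = len(key) * 8, False   # RFC 8463: p= is the raw 32-byte key
    else:
        bits = rsa_modulus_bits(key)
        weak = bits < 2048                 # the 1024-bit workaround lands here
    strings = -(-len(record) // MAX_TXT_STRING)  # ceiling division
    return {"bits": bits, "weak": weak, "length": len(record), "strings": strings}

def sample_record(kind, bits=0):
    key = bytes(range(32)) if kind == "ed25519" else constructed_rsa_spki(bits)
    return f"v=DKIM1; k={kind}; p={base64.b64encode(key).decode()}"

if __name__ == "__main__":
    for kind, bits in (("rsa", 2048), ("rsa", 1024), ("ed25519", 0)):
        print(kind, bits or "", audit_dkim_txt(sample_record(kind, bits)))
```

Only the 2048-bit RSA record needs more than one TXT string, which is the case a limited DNS web interface fails on; the 1024-bit record fits in one string but is flagged as weak, and the Ed25519 record fits with room to spare.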
