On Thu, 21 Dec 2023, Mike Hillyer wrote:
> John said:
>> I'm sure that Google has code somewhere that can validate ED25519
>> signatures. But that does not mean that it would be a good idea for them
>> to use that code in production today and try to update their reputation
>> systems to deal with the dual signing that implies.
>
> With the number of messages already arriving with multiple DKIM
> signatures I can't imagine their reputation systems don't already handle
> dual signing just fine. Granted this would be two signatures on the same
> domain, but that seems like a small change from handling a signature on
> the From plus one from the ESP and maybe even one for the
> list-unsubscribe domain.

If there's two signatures for the same domain, one is good and one is bad,
which do you believe? I know what the spec says, but we have no practical
experience.

In any event, as I've said at least three times now, RSA keys are fine for
the foreseeable future so there is no benefit to using ED25519 keys unless
there is an unexpected key break.

Regards,
John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly