My point is not cryptographic merit. FWIW, any DKIM algorithm is way more
secure than what we need to authenticate emails, even RSA-SHA1 with 700bytes
keys (oh well, 512b keys were broken as a proof of concept some time ago.) As
Oliver pointed out, all those algorithms are more than enough good for our purpose.
I understand ed25519 can be skipped with minor inconveniences. However, for
compliance, I'd have expected major mail sites to conform to the standard,
while small servers possibly lagged behind. Instead, the opposite happens.
There was a period when OpenSSL didn't fully support an algorithm, but that's
now over. The path is well paved.
John wrote:
If there's two signatures for the same domain, one is good and one is bad,
which do you believe?
The choice between SHA-1 and SHA-256 has been there for years, and no one had
troubles wondering what to do with two sigs by the same domain using different
hashes one of which verifies while the other does not. It's trivial. How does
an elliptic curve put a wholly different problem?
I don't think Google have budget problems either...
On Thu 21/Dec/2023 17:38:01 +0100 Slavko via mailop wrote:
Dňa 21. decembra 2023 15:05:08 UTC používateľ Alessandro Vesely via mailop
<mailop@mailop.org> napísal:
It seems only (few) small servers dare implementing ed25519.
I don't understand why.
Do you really don't understand that or do you afraid of what is
comming into mind?
AFAIK:
+ collaboration of NSA & RSA (and results) is known
+ question about selection of EC curves are unanswered
+ no known doubts about Ed curves
It seems, that Edward curves are not as good for some parties
as are for others, thus they want to preserve current state as
long as possible. Perhaps once new Snowden will reveal reason...
regards
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
