Hello all,

Thanks for having me on the list. I'm working for German BSI and am one of the persons behind our technical guidelines concerning mail security.

In our guideline for mail authentication we require sending mail servers to apply DKIM signatures using RSA (1024 or 2048 bit) and Ed25519. I know that validating Ed25519 signatures isn't as widespread as it probably should be, but I have recently been informed that some receiving mail servers may even downgrade a mail's reputation in the case of an existing valid Ed25519 signature, if they don't have the capabilities to validate the signature. This even happens if the Ed25519 signature is accompanied by a valid RSA signature.

Since the expected behavior of the receiver from my understanding is to simply ignore the Ed25519 signature, I was surprised to hear about this. We ourselves have been applying both signatures for a while now and didn't run into any sort of problems (that we know of). I'm now trying to figure out if this problem is a mass phenomenon or a 'just a few who get it wrong'-thing.

If anybody has valuable thoughts on this, they'd be very much appreciated :-)

Kind regards,
Florian
_______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
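
The receiver behaviour the message above expects, as an added example that is not part of the original post: a verifier without Ed25519 support sets that signature aside and decides on the RSA signature alone. The `verify` callback, the selector names, `example.org` and the sample headers are assumptions constructed for illustration; no real cryptographic check is performed.

```python
import re

SUPPORTED = {"rsa-sha256"}  # assumption: this verifier cannot validate Ed25519

# Constructed DKIM-Signature values for a dual-signed message (not real signatures).
SAMPLE = [
    "v=1; a=ed25519-sha256; d=example.org; s=ed2025; h=from:to:subject; bh=CONSTRUCTED; b=CONSTRUCTED",
    "v=1; a=rsa-sha256; d=example.org; s=rsa2025; h=from:to:subject; bh=CONSTRUCTED; b=CONSTRUCTED",
]

def parse_tags(value):
    """Parse a DKIM-Signature tag list (tag=value; ...) into a dict."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", val)  # drop folding whitespace
    return tags

def evaluate(signature_headers, verify, supported=SUPPORTED):
    """Return (overall, per-signature results).

    verify(tags) -> bool is a hypothetical callback standing in for the
    actual key lookup and signature check of a supported algorithm.
    """
    results = []
    for header in signature_headers:
        tags = parse_tags(header)
        algo = tags.get("a", "").lower()
        if algo not in supported:
            outcome = "ignored"  # unknown algorithm: treat as if the signature were absent
        else:
            outcome = "pass" if verify(tags) else "fail"
        results.append((tags.get("s"), algo, outcome))
    outcomes = [o for _, _, o in results]
    if "pass" in outcomes:
        overall = "pass"   # one good signature is enough
    elif "fail" in outcomes:
        overall = "fail"
    else:
        overall = "none"   # nothing this verifier could check
    return overall, results

if __name__ == "__main__":
    # The callback returns True here to model a valid RSA signature.
    print(evaluate(SAMPLE, verify=lambda tags: True))
```

A receiver that turns the `ignored` outcome into a failure or a reputation penalty is showing the behaviour the message asks about.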
