On Mon, 20 Apr 2026 13:37:29 +1000 Viktor Dukhovni via Postfix-users <[email protected]> wrote:
> Those a sensible choices. FWIW, my own server has essentially just an > RSA certificate, there's no tangible benefit to also provisioning an > ECDSA certificate at present. > When you say there is no benefit, are you referring specifically to the cryptographic strength of the keys against brute-force attacks? I’ve been reading about RSA versus ECDSA, and some sources recommend deploying ECDSA as well, since it uses smaller keys and allows servers to perform the signing step during the TLS handshake more efficiently. I haven't actually benchmarked any of this, so not sure how much of a difference it makes. It may be more relevant to those servers handling large number of client connections. > The ML-DSA key is currently ML-DSA-65, but a new server I'm building > will switch to ML-DSA-44, which has a healthy "security margin", making > stronger keys overkill in the majority of applications. I think this is one of the reasons I prefer DANE over MTA-STS. It removes the middleman (i.e. certificate authorities) and instead lets you rely on DNSSEC to publish and verify your own keys. _______________________________________________ Postfix-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
