On Mon, 20 Apr 2026 13:37:29 +1000
Viktor Dukhovni via Postfix-users <[email protected]> wrote:

> Those a sensible choices.  FWIW, my own server has essentially just an
> RSA certificate, there's no tangible benefit to also provisioning  an
> ECDSA certificate at present.
>

When you say there is no benefit, are you referring specifically to the
cryptographic strength of the keys against brute-force attacks? I’ve
been reading about RSA versus ECDSA, and some sources recommend
deploying ECDSA as well, since it uses smaller keys and allows servers
to perform the signing step during the TLS handshake more efficiently.

I haven't actually benchmarked any of this, so not sure how much of a
difference it makes. It may be more relevant to those servers handling
large number of client connections.

> The ML-DSA key is currently ML-DSA-65, but a new server I'm building
> will switch to ML-DSA-44, which has a healthy "security margin", making
> stronger keys overkill in the majority of applications.

I think this is one of the reasons I prefer DANE over MTA-STS. It
removes the middleman (i.e. certificate authorities) and instead
lets you rely on DNSSEC to publish and verify your own keys.
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to