Re: [Ietf-dkim] Fwd: Re: [..] Recommendation for dkim signing

2024-03-07 Thread Murray S. Kucherawy
On Thu, Mar 7, 2024 at 1:05 PM A. Schulze  wrote:

> I enabled double signing years ago on my personal domain and last year at
> a medium-scale ESP.
> So far, we didn't notice negative effects.
> Intentionally I removed SPF on my personal domain last year, also without
> any delivery issues.
>
> I also validate both signatures if present but didn't any statistics.
>
> One interesting point is the signature order. Without specific reasons I
> sign rsa first, then ed25519.
> This message is the first I send with the opposite order: ed25519 first,
> then rsa.
> Let's see what will happen... My naive assumption: order doesn't matter.
>

Section 4.2 of RFC 6376 is pretty nebulous about this.  You can do them in
any order, and you can stop after you get one that you like based on
whatever local policy you choose or do them all.

Given the time that's passed since RFC 8463 was published, I'd expect to
have heard that order matters in one way or another if indeed it does.  The
absence of such experience might be telling.

-MSK
___
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim


Re: [Ietf-dkim] Fwd: Re: [..] Recommendation for dkim signing

2024-03-07 Thread Steffen Nurpmeso
Jeremy Harris wrote in
 :
 |On 06/03/2024 23:30, Steffen Nurpmeso wrote:
 |> Does this mean you do use Ed25519 and RSA since over four years in
 |> regular email?  It *breaks things*!?
 |
 |Yes.   And no, not that I've noticed.

Thanks.  Good to know.  I give it a try.

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)



Re: [Ietf-dkim] Fwd: Re: [..] Recommendation for dkim signing

2024-03-07 Thread A. Schulze




On 07.03.24 at 00:30, Steffen Nurpmeso wrote:

> Interesting; i see selectors [er]202001.
> Does this mean you do use Ed25519 and RSA since over four years in
> regular email?  It *breaks things*!?


Hi,

I enabled double signing years ago on my personal domain and last year at a
medium-scale ESP.
So far, we didn't notice negative effects.
Intentionally I removed SPF on my personal domain last year, also without any
delivery issues.

I also validate both signatures if present but didn't any statistics.

One interesting point is the signature order. Without specific reasons I sign
rsa first, then ed25519.
This message is the first I send with the opposite order: ed25519 first, then
rsa.
Let's see what will happen... My naive assumption: order doesn't matter.

Andreas



Re: [Ietf-dkim] Fwd: Re: [..] Recommendation for dkim signing

2024-03-07 Thread John Levine
It appears that Scott Kitterman said:
>This isn't horrible.  The main reason for RFC 8463 was, in my view, as a hedge
>for some discovery that suddenly made RSA obsolete, which hasn't happened yet.
>From a standards perspective, it is there if needed.

Yes, that is exactly the reason I wrote it.

My MTA doesn't generate or validate Ed25519 signatures either. Maybe
someday when I have some spare time.

R's,
John
