Re: [Ietf-dkim] Fwd: Re: [..] Recommendation for dkim signing
On Thu, Mar 7, 2024 at 1:05 PM A. Schulze wrote: > I enabled double signing years ago on my personal domain and last year at > an medium scale ESP. > So far, we didn't noticed negative effects. > Intentionally I removed SPF on my personal domain last year, also without > any delivery issues. > > I also validate both signatures if present but didn't any statistics. > > One interesting point is the signature order. Without specific reasons I > sign rsa first, then ed25519. > This message is the first, I send with the opposite order: ed25519 first, > then rsa. > Let's see, what will happen... My naive assumption: order don't matter. > Section 4.2 of RFC 6376 is pretty nebulous about this. You can do them in any order, and you can stop after you get one that you like based on whatever local policy you choose or do them all. Given the time that's passed since RFC 8463 was published, I'd expect to have heard that order matters in one way or another if indeed it does. The absence of such experience might be telling. -MSK ___ Ietf-dkim mailing list Ietf-dkim@ietf.org https://www.ietf.org/mailman/listinfo/ietf-dkim
Re: [Ietf-dkim] Fwd: Re: [..] Recommendation for dkim signing
Jeremy Harris wrote in : |On 06/03/2024 23:30, Steffen Nurpmeso wrote: |> Does this mean you do use Ed25519 and RSA since over four years in |> regular email? It*brakes things*!? | |Yes. And no, not that I've noticed. Thanks. Good to know. I give it a try. --steffen | |Der Kragenbaer,The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt) ___ Ietf-dkim mailing list Ietf-dkim@ietf.org https://www.ietf.org/mailman/listinfo/ietf-dkim
Re: [Ietf-dkim] Fwd: Re: [..] Recommendation for dkim signing
Am 07.03.24 um 00:30 schrieb Steffen Nurpmeso: Interesting; i see selectors [er]202001. Does this mean you do use Ed25519 and RSA since over four years in regular email? It *brakes things*!? Hi, I enabled double signing years ago on my personal domain and last year at an medium scale ESP. So far, we didn't noticed negative effects. Intentionally I removed SPF on my personal domain last year, also without any delivery issues. I also validate both signatures if present but didn't any statistics. One interesting point is the signature order. Without specific reasons I sign rsa first, then ed25519. This message is the first, I send with the opposite order: ed25519 first, then rsa. Let's see, what will happen... My naive assumption: order don't matter. Andreas ___ Ietf-dkim mailing list Ietf-dkim@ietf.org https://www.ietf.org/mailman/listinfo/ietf-dkim
Re: [Ietf-dkim] Fwd: Re: [..] Recommendation for dkim signing
It appears that Scott Kitterman said: >This isn't horrible. The main reason for RFC 8463 was, in my view, as a hedge >for some discovery that suddenly made RSA >obsolete, which hasn't happened yet. From a standards perspective, it is >there if needed. Yes, that is exactly the reason I wrote it. My MTA doesn't generate or validate Ed25519 signatures either. Maybe someday when I have some spare time. R's, John ___ Ietf-dkim mailing list Ietf-dkim@ietf.org https://www.ietf.org/mailman/listinfo/ietf-dkim
Re: [Ietf-dkim] Fwd: Re: [..] Recommendation for dkim signing
On 06/03/2024 23:30, Steffen Nurpmeso wrote: Does this mean you do use Ed25519 and RSA since over four years in regular email? It*brakes things*!? Yes. And no, not that I've noticed. -- Cheers, Jeremy ___ Ietf-dkim mailing list Ietf-dkim@ietf.org https://www.ietf.org/mailman/listinfo/ietf-dkim
Re: [Ietf-dkim] Fwd: Re: [..] Recommendation for dkim signing
Jeremy Harris wrote in : |On 06/03/2024 22:41, Steffen Nurpmeso wrote: |> exam i do not know | |exim, possibly? Interesting; i see selectors [er]202001. Does this mean you do use Ed25519 and RSA since over four years in regular email? It *brakes things*!? --steffen | |Der Kragenbaer,The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt) ___ Ietf-dkim mailing list Ietf-dkim@ietf.org https://www.ietf.org/mailman/listinfo/ietf-dkim
Re: [Ietf-dkim] Fwd: Re: [..] Recommendation for dkim signing
On March 6, 2024 11:12:38 PM UTC, Jeremy Harris wrote: >On 06/03/2024 22:41, Steffen Nurpmeso wrote: >> exam i do not know > >exim, possibly? Yes. Sorry. It looks like autocorrect got me. Scott K ___ Ietf-dkim mailing list Ietf-dkim@ietf.org https://www.ietf.org/mailman/listinfo/ietf-dkim
Re: [Ietf-dkim] Fwd: Re: [..] Recommendation for dkim signing
On 06/03/2024 22:41, Steffen Nurpmeso wrote: exam i do not know exim, possibly? -- Cheers, Jeremy ___ Ietf-dkim mailing list Ietf-dkim@ietf.org https://www.ietf.org/mailman/listinfo/ietf-dkim
Re: [Ietf-dkim] Fwd: Re: [..] Recommendation for dkim signing
Steffen Nurpmeso wrote in <20240306230526.tcmkMKA1@steffen%sdaoden.eu>: ... |Btw now that i look at that thanks to my configurable header |display in the console based MUA i use, you use Ed25519 first and |then RSA, forcefully breaking the incapable IETF DKIM checks and (Not true. One passes. The other is not supported.) |Microsoft as a whole. That is brave! |I follow (a bit) by re-enabling Ed!! | |Ciao, and greetings from Germany! --steffen | |Der Kragenbaer,The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt) ___ Ietf-dkim mailing list Ietf-dkim@ietf.org https://www.ietf.org/mailman/listinfo/ietf-dkim
Re: [Ietf-dkim] Fwd: Re: [..] Recommendation for dkim signing
Scott Kitterman wrote in <9ee553ec-aa5b-4dac-bf4d-9a0ffb289...@kitterman.com>: |On March 6, 2024 10:41:51 PM UTC, Steffen Nurpmeso \ |wrote: |>Scott Kitterman wrote in |> : |>|On March 6, 2024 9:56:50 PM UTC, Steffen Nurpmeso \ |>|wrote: ... |>|>So now that i have DKIM myself i tested. |>|>And *no* verification software i can reach actually supports |>|>Ed25519-sha256 as of RFC 8463 from September 2018! |>| |>|In addition to my dkimpy-milter, exam supports it and believe opendkim \ |> |>Yes, you do support it. I know of no endpoint i could reach out |>to test this, however. But yes, of course your software |>thankfully supports it. ... |>exam i do not know, and OpenDKIM i am pretty sure does not support |>it, at least the Sourceforge.net thing; i have a local copy and |>the last change was in 2015. ... |For opendkim, you need to look on GitHub. There has been some further \ |development there. Oh! Hmm. The difference seems niche i'd say. Btw now that i look at that thanks to my configurable header display in the console based MUA i use, you use Ed25519 first and then RSA, forcefully breaking the incapable IETF DKIM checks and Microsoft as a whole. That is brave! I follow (a bit) by re-enabling Ed!! Ciao, and greetings from Germany! --steffen | |Der Kragenbaer,The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt) ___ Ietf-dkim mailing list Ietf-dkim@ietf.org https://www.ietf.org/mailman/listinfo/ietf-dkim
Re: [Ietf-dkim] Fwd: Re: [..] Recommendation for dkim signing
Steffen Nurpmeso wrote in <20240306224151.r4D7UEwr@steffen%sdaoden.eu>: |Scott Kitterman wrote in | : ||On March 6, 2024 9:56:50 PM UTC, Steffen Nurpmeso \ ||wrote: ... ||>So now that i have DKIM myself i tested. ||>And *no* verification software i can reach actually supports ||>Ed25519-sha256 as of RFC 8463 from September 2018! || ||In addition to my dkimpy-milter, exam supports it and believe opendkim \ ... ||This isn't horrible. The main reason for RFC 8463 was, in my view, \ ||as a hedge for some discovery that suddenly made RSA obsolete, which \ ||hasn't happened yet. From a standards perspective, it is there if needed. | |It greatly reduces the size of the headers, too. And of the DNS |entries, and the DNS traffic as such, in UDP. | |I would speak contra and say it is a terrible picture. |And one mail i would have written right now in the queue. One more contra, please. In the software i have just written, the required code snippet to support RFC 8463 is in one conditional OR. In fact i am quite happy to contra, and hope at least one OpenSSL people reads it, because i complained about this interface a month ago i think. /* Unfortunately there is no easy accessible property that tells us which codepath to take */ EVP_MD_CTX_reset(mdcp->mdc_md_ctx); if(!EVP_DigestSignInit(mdcp->mdc_md_ctx, NIL, mdcp->mdc_md->md_md, NIL, kp->k_key) && ^ This is RSA. !EVP_DigestSignInit(mdcp->mdc_md_ctx, NIL, NIL, NIL, kp->k_key)){ ^ This is Ed25519. Unfortunately nothing but brute force trials are possible to detect which code path to take. (It is worse actually, as i said on the openssl-users list by quoting a OpenSSL commit message, there is now a door open to make this way of doing things impossible, and who knows whether they will go through it or not.) Yes another reason to cheer RFC 6376 for this to be possible. Ie, the possibly lengthy body with a stream-enabled digest, and the cryptographic signature, that possibly is not stream-capable, but requires one-shot signing, only for the header! RFC 6376 is fantastic. (Except for LF + CR.) --steffen | |Der Kragenbaer,The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt) ___ Ietf-dkim mailing list Ietf-dkim@ietf.org https://www.ietf.org/mailman/listinfo/ietf-dkim
Re: [Ietf-dkim] Fwd: Re: [..] Recommendation for dkim signing
On March 6, 2024 10:41:51 PM UTC, Steffen Nurpmeso wrote: >Scott Kitterman wrote in > : > |On March 6, 2024 9:56:50 PM UTC, Steffen Nurpmeso \ > |wrote: > |>--- Forwarded from Steffen Nurpmeso --- > |>Date: Wed, 06 Mar 2024 22:49:48 +0100 > |>Author: Steffen Nurpmeso > |>From: Steffen Nurpmeso > |>... > |>Subject: Re: [pfx] Recommendation for dkim signing > |>Message-ID: <20240306214948.V5gSjSiU@steffen%sdaoden.eu> > |>... > |> > |>... > |>So now that i have DKIM myself i tested. > |>And *no* verification software i can reach actually supports > |>Ed25519-sha256 as of RFC 8463 from September 2018! > | > |In addition to my dkimpy-milter, exam supports it and believe opendkim \ > >Yes, you do support it. I know of no endpoint i could reach out >to test this, however. But yes, of course your software >thankfully supports it. > > |does as well. Their combined market share no doubt rounds to zero, \ > |but the software does exist. > >exam i do not know, and OpenDKIM i am pretty sure does not support >it, at least the Sourceforge.net thing; i have a local copy and >the last change was in 2015. > > |This isn't horrible. The main reason for RFC 8463 was, in my view, \ > |as a hedge for some discovery that suddenly made RSA obsolete, which \ > |hasn't happened yet. From a standards perspective, it is there if needed. > >It greatly reduces the size of the headers, too. And of the DNS >entries, and the DNS traffic as such, in UDP. > >I would speak contra and say it is a terrible picture. >And one mail i would have written right now in the queue. For opendkim, you need to look on GitHub. There has been some further development there. Scott K ___ Ietf-dkim mailing list Ietf-dkim@ietf.org https://www.ietf.org/mailman/listinfo/ietf-dkim
[Ietf-dkim] Fwd: Re: [..] Recommendation for dkim signing
--- Forwarded from Steffen Nurpmeso --- Date: Wed, 06 Mar 2024 23:43:00 +0100 Author: Steffen Nurpmeso From: Steffen Nurpmeso ... Subject: Re: [..] Recommendation for dkim signing Message-ID: <20240306224300.AvxERJ7Z@steffen%sdaoden.eu> ... One. Last. Message. Of mine. And sorry for all this mostly off-topic noise. Steffen Nurpmeso wrote in <20240306214948.V5gSjSiU@steffen%sdaoden.eu>: ... |So now that i have DKIM myself i tested. |And *no* verification software i can reach actually supports |Ed25519-sha256 as of RFC 8463 from September 2018! |It is even *worse* than that. ... | - Microsoft: fails the DKIM test if a RFC 8463 signature is |present, no matter whether first or last!!! |Is this *really* true? That is really bad. + It even actively fails SHA1 DKIM signatures. I know these are deprecated, but if i use a rsa-sha1 and a rsa-sha256 signature in that order: Authentication-Results: spf=pass (sender IP is 217.144.132.164) smtp.mailfrom=sdaoden.eu; dkim=fail (body hash did not verify) header.d=sdaoden.eu;dmarc=bestguesspass action=none header.from=sdaoden.eu;compauth=pass reason=109 The *very*same* message/-checkum passes Google: Authentication-Results: mx.google.com; dkim=pass (test mode) header.i=@sdaoden.eu header.s=lemon header.b=meYlPkTE; dkim=pass (test mode) header.i=@sdaoden.eu header.s=citron header.b=Cehr1W9z; spf=pass (google.com: domain of stef...@sdaoden.eu designates 217.144.132.164 as permitted sender) smtp.mailfrom=stef...@sdaoden.eu Looking at that. Say, the Microsoft Authentication-Results: does not denote its own domain name, no? Ie i could not strip it. I have not read RFC 8601 for very too long to know, though. They do not look at the h=sha1 of the DNS record, do they. They do not look at the a= of the DKIM signature. ... | - Place a single signature. | | - It must be RSA-sha256. And exactly only that. |RFC 6376 surely would have deserved something better. Good night, greetings, and Ciao from Germany, -- End forward <20240306224300.AvxERJ7Z@steffen%sdaoden.eu> --steffen | |Der Kragenbaer,The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt) ___ Ietf-dkim mailing list Ietf-dkim@ietf.org https://www.ietf.org/mailman/listinfo/ietf-dkim
Re: [Ietf-dkim] Fwd: Re: [..] Recommendation for dkim signing
Scott Kitterman wrote in : |On March 6, 2024 9:56:50 PM UTC, Steffen Nurpmeso \ |wrote: |>--- Forwarded from Steffen Nurpmeso --- |>Date: Wed, 06 Mar 2024 22:49:48 +0100 |>Author: Steffen Nurpmeso |>From: Steffen Nurpmeso |>... |>Subject: Re: [pfx] Recommendation for dkim signing |>Message-ID: <20240306214948.V5gSjSiU@steffen%sdaoden.eu> |>... |> |>... |>So now that i have DKIM myself i tested. |>And *no* verification software i can reach actually supports |>Ed25519-sha256 as of RFC 8463 from September 2018! | |In addition to my dkimpy-milter, exam supports it and believe opendkim \ Yes, you do support it. I know of no endpoint i could reach out to test this, however. But yes, of course your software thankfully supports it. |does as well. Their combined market share no doubt rounds to zero, \ |but the software does exist. exam i do not know, and OpenDKIM i am pretty sure does not support it, at least the Sourceforge.net thing; i have a local copy and the last change was in 2015. |This isn't horrible. The main reason for RFC 8463 was, in my view, \ |as a hedge for some discovery that suddenly made RSA obsolete, which \ |hasn't happened yet. From a standards perspective, it is there if needed. It greatly reduces the size of the headers, too. And of the DNS entries, and the DNS traffic as such, in UDP. I would speak contra and say it is a terrible picture. And one mail i would have written right now in the queue. --steffen | |Der Kragenbaer,The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt) ___ Ietf-dkim mailing list Ietf-dkim@ietf.org https://www.ietf.org/mailman/listinfo/ietf-dkim
Re: [Ietf-dkim] Fwd: Re: [..] Recommendation for dkim signing
On March 6, 2024 9:56:50 PM UTC, Steffen Nurpmeso wrote: >--- Forwarded from Steffen Nurpmeso --- >Date: Wed, 06 Mar 2024 22:49:48 +0100 >Author: Steffen Nurpmeso >From: Steffen Nurpmeso >... >Subject: Re: [pfx] Recommendation for dkim signing >Message-ID: <20240306214948.V5gSjSiU@steffen%sdaoden.eu> >... > >... >So now that i have DKIM myself i tested. >And *no* verification software i can reach actually supports >Ed25519-sha256 as of RFC 8463 from September 2018! In addition to my dkimpy-milter, exam supports it and believe opendkim does as well. Their combined market share no doubt rounds to zero, but the software does exist. This isn't horrible. The main reason for RFC 8463 was, in my view, as a hedge for some discovery that suddenly made RSA obsolete, which hasn't happened yet. From a standards perspective, it is there if needed. Scott K ___ Ietf-dkim mailing list Ietf-dkim@ietf.org https://www.ietf.org/mailman/listinfo/ietf-dkim
[Ietf-dkim] Fwd: Re: [..] Recommendation for dkim signing
--- Forwarded from Steffen Nurpmeso --- Date: Wed, 06 Mar 2024 22:49:48 +0100 Author: Steffen Nurpmeso From: Steffen Nurpmeso ... Subject: Re: [pfx] Recommendation for dkim signing Message-ID: <20240306214948.V5gSjSiU@steffen%sdaoden.eu> ... ... So now that i have DKIM myself i tested. And *no* verification software i can reach actually supports Ed25519-sha256 as of RFC 8463 from September 2018! It is even *worse* than that. - Google: at least reaches out to the RSA signature and verifies that, it ignores the other one saying "no key". - Microsoft: fails the DKIM test if a RFC 8463 signature is present, no matter whether first or last!!! Is this *really* true? That is really bad. - The software this list uses (rspamd i think): fails if the Ed25519 signature is first, aka does not reach out. (Which it should, says DKIM, does it. The DKIM standard is *fantastic*!) It at least succeeds if the RSA is first. What a mess. Even though explicitly envisioned in the DKIM standard, it seems to me one cannot simply create two signatures, as i wanted to do. (For a while, at least; until i see Ed is supported anywhere. I had no plan, actually.) So as of today DKIM interoperability seems to mean: - Place a single signature. - It must be RSA-sha256. RFC 6376 surely would have deserved something better. ... -- End forward <20240306214948.V5gSjSiU@steffen%sdaoden.eu> --steffen | |Der Kragenbaer,The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt) ___ Ietf-dkim mailing list Ietf-dkim@ietf.org https://www.ietf.org/mailman/listinfo/ietf-dkim