Re: [mailop] DKIM: ed25519 experiences anyone?

2021-02-16 Thread Andris Reinman via mailop
mailauth (https://github.com/andris9/mailauth) library and CLI utility can
also be used to both verify and sign using Ed25519 DKIM keys. Can't see
those keys becoming mainstream any time soon though. The RSA signature already
verifies the message, so double signing is basically just for testing
purposes and has no practical effect. It will probably happen once 2048-bit keys
are considered too weak and 4096-bit keys are just too long for DNS.

Regards,
Andris Reinman

Patrick Ben Koetter via mailop () wrote on Tue, 16 February 2021 at 09:50:

> Hey Vsevolod!
>
> * Vsevolod Stakhov via mailop :
> > On 15/02/2021 21:02, John Levine via mailop wrote:
> > > In article <20210215085929.76srgtpbaqbms...@sys4.de> you write:
> > >> Greetings,
> > >>
> > >> is anyone using ed25519 for DKIM signatures yet and what do you see? Any
> > >> interop problems?
> > >
> > > Aside from the fact that approximately nobody can validate them yet, they're fine.
> > >
> > > So long as you don't try to use the same selector you use with RSA signatures
> > > they shouldn't cause any problems.
>
> ACK! After some consideration we agreed not to use subdomains of
> _domainkey.$DOMAIN.$TLD, but add the algo name as suffix to the selector.
>
>
> > Well, Rspamd can validate them, but I'd suggest to use dual signatures
> > for now (RSA + ed25519) when signing - it is also supported by Rspamd
> > dkim_signing module, even for the keys rotation scenario.
>
> I agree! Another standard without a mechanism to tell feature sets apart. We'll
> have to live with two signatures for an undefined period, until someone steps
> up and forces senders to implement the "replacing feature", because the old
> one will fall away on the receiving end.
>
> p@rick
>
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] DKIM: ed25519 experiences anyone?

2021-02-16 Thread Anders Berggren via mailop
> On 15 Feb 2021, at 22:29, Vsevolod Stakhov via mailop wrote:
> On 15/02/2021 21:02, John Levine via mailop wrote:
>> In article <20210215085929.76srgtpbaqbms...@sys4.de> you write:
>>> Greetings,
>>> 
>>> is anyone using ed25519 for DKIM signatures yet and what do you see? Any
>>> interop problems?
>> 
>> Aside from the fact that approximately nobody can validate them yet, they're fine.
>> 
>> So long as you don't try to use the same selector you use with RSA signatures
>> they shouldn't cause any problems.
> 
> Well, Rspamd can validate them, but I'd suggest to use dual signatures
> for now (RSA + ed25519) when signing - it is also supported by Rspamd
> dkim_signing module, even for the keys rotation scenario.

Halon MTA (libdkim++) does support them as well. For about two years we've been 
collecting DKIM validation statistics for inbound traffic to our own company 
domains (approx 30M messages in total). We've not seen any differences in 
failed signatures depending on algorithms used.

 rsa-sha256                                88.63%
 rsa-sha1                                  11.31%
 rsa-sha1 + rsa-sha256                      0.05%
 rsa-sha256 + ed25519-sha256                0.01%
 ed25519-sha256                                 -
 rsa-sha1 + ed25519-sha256                      -
 rsa-sha1 + rsa-sha256 + ed25519-sha256         -


Re: [mailop] DKIM: ed25519 experiences anyone?

2021-02-15 Thread Patrick Ben Koetter via mailop
Hey Vsevolod!

* Vsevolod Stakhov via mailop :
> On 15/02/2021 21:02, John Levine via mailop wrote:
> > In article <20210215085929.76srgtpbaqbms...@sys4.de> you write:
> >> Greetings,
> >>
> >> is anyone using ed25519 for DKIM signatures yet and what do you see? Any
> >> interop problems?
> > 
> > Aside from the fact that approximately nobody can validate them yet, they're fine.
> > 
> > So long as you don't try to use the same selector you use with RSA signatures
> > they shouldn't cause any problems.

ACK! After some consideration we agreed not to use subdomains of
_domainkey.$DOMAIN.$TLD, but add the algo name as suffix to the selector.


> Well, Rspamd can validate them, but I'd suggest to use dual signatures
> for now (RSA + ed25519) when signing - it is also supported by Rspamd
> dkim_signing module, even for the keys rotation scenario.

I agree! Another standard without a mechanism to tell feature sets apart. We'll
have to live with two signatures for an undefined period, until someone steps
up and forces senders to implement the "replacing feature", because the old
one will fall away on the receiving end.

p@rick

-- 
[*] sys4 AG

https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Aufsichtsratsvorsitzender: Florian Kirstein

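A worked illustration of the two recommendations in this message (one selector per algorithm, with the algorithm name as the selector suffix, and a dual RSA + Ed25519 signature), as an added Go example; it is not code from mailauth, Rspamd, Halon or any poster in this thread. It assumes a made-up domain (example.org), made-up selectors (s2021-rsa, s2021-ed25519) and an in-memory map standing in for DNS, and it signs a byte string that stands for the already relaxed-canonicalized header data: header canonicalization, the bh= body hash and assembly of the DKIM-Signature header itself are left out. What it does show is how the two key types are published (RFC 6376 RSA keys as base64 SubjectPublicKeyInfo, RFC 8463 Ed25519 keys as the raw 32-byte key), that ed25519-sha256 signs the SHA-256 digest of the data rather than the data itself, and the verifier-side k=/a= check that fails when both signatures point at one selector.

```go
package main

import (
	"crypto"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"fmt"
	"strings"
)

type sig struct{ Selector, Alg, B string } // the s=, a= and b= tags of one DKIM-Signature

// parseTags splits a key record ("v=DKIM1; k=ed25519; p=...") into a map, applying the RFC 6376 default k=rsa.
func parseTags(rec string) map[string]string {
	tags := map[string]string{"k": "rsa"}
	for _, kv := range strings.Split(rec, ";") {
		if k, v, ok := strings.Cut(strings.TrimSpace(kv), "="); ok {
			tags[strings.TrimSpace(k)] = strings.TrimSpace(v)
		}
	}
	return tags
}

// signDigest returns the a= and b= values for key. Both algorithms sign the SHA-256 digest of the
// canonicalized header data; for ed25519-sha256 (RFC 8463) that 32-byte digest is the pure-Ed25519 message.
func signDigest(data []byte, key crypto.Signer) (string, string, error) {
	opts, alg := crypto.SignerOpts(crypto.SHA256), "rsa-sha256" // crypto.SHA256 selects PKCS#1 v1.5 on *rsa.PrivateKey
	if _, isEd := key.(ed25519.PrivateKey); isEd {
		opts, alg = crypto.Hash(0), "ed25519-sha256" // crypto.Hash(0) selects pure Ed25519
	}
	digest := sha256.Sum256(data)
	raw, err := key.Sign(rand.Reader, digest[:], opts)
	if err != nil {
		return "", "", err
	}
	return alg, base64.StdEncoding.EncodeToString(raw), nil
}

// verifySignature checks one signature against the TXT record published at <s>._domainkey.<d>. The k=/a=
// match is what fails when RSA and Ed25519 signatures share a selector: one record holds one key type.
func verifySignature(dns map[string]string, domain string, s sig, data []byte) error {
	tags := parseTags(dns[s.Selector+"._domainkey."+domain])
	raw, errB := base64.StdEncoding.DecodeString(s.B)
	pub, errP := base64.StdEncoding.DecodeString(tags["p"])
	if errB != nil || errP != nil || len(pub) == 0 {
		return fmt.Errorf("s=%s: bad b= or no usable p= (record missing, revoked or malformed)", s.Selector)
	}
	digest := sha256.Sum256(data)
	switch {
	case s.Alg == "rsa-sha256" && tags["k"] == "rsa":
		pk, err := x509.ParsePKIXPublicKey(pub) // RSA p= is DER SubjectPublicKeyInfo
		rsaPub, ok := pk.(*rsa.PublicKey)
		if err != nil || !ok {
			return fmt.Errorf("p= is not an RSA SubjectPublicKeyInfo")
		}
		return rsa.VerifyPKCS1v15(rsaPub, crypto.SHA256, digest[:], raw)
	case s.Alg == "ed25519-sha256" && tags["k"] == "ed25519":
		if len(pub) != ed25519.PublicKeySize || !ed25519.Verify(ed25519.PublicKey(pub), digest[:], raw) {
			return fmt.Errorf("ed25519 signature does not verify")
		}
		return nil
	}
	return fmt.Errorf("k=%s record cannot verify a=%s", tags["k"], s.Alg)
}

// dualSign generates both keys, publishes one record per selector (algorithm name as the selector suffix) in a
// constructed in-memory DNS, and signs the same data with both keys. Domain and selector names are made up.
func dualSign(domain string, data []byte) (map[string]string, []sig, error) {
	rsaKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	edPub, edKey, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	rsaDER, err := x509.MarshalPKIXPublicKey(&rsaKey.PublicKey)
	if err != nil {
		return nil, nil, err
	}
	// RFC 6376 publishes RSA keys as base64 SPKI; RFC 8463 publishes Ed25519 keys as the raw 32 bytes.
	dns := map[string]string{
		"s2021-rsa._domainkey." + domain:     "v=DKIM1; k=rsa; p=" + base64.StdEncoding.EncodeToString(rsaDER),
		"s2021-ed25519._domainkey." + domain: "v=DKIM1; k=ed25519; p=" + base64.StdEncoding.EncodeToString(edPub),
	}
	algRSA, bRSA, err := signDigest(data, rsaKey)
	if err != nil {
		return nil, nil, err
	}
	algEd, bEd, err := signDigest(data, edKey)
	if err != nil {
		return nil, nil, err
	}
	return dns, []sig{{"s2021-rsa", algRSA, bRSA}, {"s2021-ed25519", algEd, bEd}}, nil
}
```

verifySignature returns nil for both signatures when each uses its own selector; presenting the Ed25519 signature under the s2021-rsa selector fails on the k=/a= mismatch, which is the reason the thread wants separate selectors for the two algorithms. A verifier that does not know ed25519-sha256 simply fails that signature and still accepts the RSA one, which is what makes the dual signature safe to deploy.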


Re: [mailop] DKIM: ed25519 experiences anyone?

2021-02-15 Thread Vsevolod Stakhov via mailop
On 15/02/2021 21:02, John Levine via mailop wrote:
> In article <20210215085929.76srgtpbaqbms...@sys4.de> you write:
>> Greetings,
>>
>> is anyone using ed25519 for DKIM signatures yet and what do you see? Any
>> interop problems?
> 
> Aside from the fact that approximately nobody can validate them yet, they're 
> fine.
> 
> So long as you don't try to use the same selector you use with RSA signatures
> they shouldn't cause any problems.
> 

Well, Rspamd can validate them, but I'd suggest to use dual signatures
for now (RSA + ed25519) when signing - it is also supported by Rspamd
dkim_signing module, even for the keys rotation scenario.


Re: [mailop] DKIM: ed25519 experiences anyone?

2021-02-15 Thread John Levine via mailop
In article <20210215085929.76srgtpbaqbms...@sys4.de> you write:
>Greetings,
>
>is anyone using ed25519 for DKIM signatures yet and what do you see? Any
>interop problems?

Aside from the fact that approximately nobody can validate them yet, they're 
fine.

So long as you don't try to use the same selector you use with RSA signatures
they shouldn't cause any problems.

R's,
John