> On 15 Feb 2021, at 22:29, Vsevolod Stakhov via mailop <mailop@mailop.org> > wrote: > On 15/02/2021 21:02, John Levine via mailop wrote: >> In article <20210215085929.76srgtpbaqbms...@sys4.de> you write: >>> Greetings, >>> >>> is anyone using ed22519 for DKIM signatures yet and what do you see? Any >>> interop problems? >> >> Aside from the fact that approximately nobody can validate them yet, they're >> fine. >> >> So long as you don't try to use the same selector you use with RSA signatures >> they shouldn't cause any problems. > > Well, Rspamd can validate them, but I'd suggest to use dual signatures > for now (RSA + ed25519) when signing - it is also supported by Rspamd > dkim_signing module, even for the keys rotation scenario.
Halon MTA (libdkim++) does support them as well. For about two years we've been collecting DKIM validation statistics for inbound traffic to our own company domains (approx 30M messages in total). We've not seen any differences in failed signatures depending on algorithms used. rsa-sha256 88.63% rsa-sha1 11.31% rsa-sha1 + rsa-sha256 0.05% rsa-sha256 + ed25519-sha256 0.01% ed25519-sha256 - rsa-sha1 + ed25519-sha256 - rsa-sha1 + rsa-sha256 + ed25519-sha256 - _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
