On October 27, 2023 2:56:30 PM UTC, "Murray S. Kucherawy" <[email protected]> 
wrote:
>On Sun, Oct 1, 2023 at 1:50 AM Jan Dušátko <[email protected]>
>wrote:
>
>> I would like to ask to consider the possibility of defining a DKIM
>> signature using Ed448. [...]
>
>
>Which DKIM implementations are known to be willing to support this if it
>were added?
>
>ED25519 support was added by a working group called DCRUP.  Although that
>WG has since closed, the list is still open and you could try posting there
>to see if there's interest.
>
>I don't think there are any working groups currently operating whose
>charters include taking up work like this.  The registry rules require an
>RFC with IETF Consensus, which would mean either a working group or
>sponsorship of an Area Director.  You would just need to produce a short
>document like RFC 8463 to get this done.

My view is that more encryption algorithms are bad for interoperability.  For 
DKIM signing/verifying to work, senders and verifiers need a common algorithm.  
More choices make this more complex to achieve.

We standardized ed25519 as a hedge against unknown vulnerability in RSA.  Given 
the small uptake in ed25519, I'm very unlikely to invest time in implementing 
yet another crypto algorithm unless it's needed because of known RSA/ed25519 
issues.  We don't need to hedge the hedge while the primary algorithm (RSA) is 
fine.

Maybe someday, but almost certainly not something I'd implement in the 
foreseeable future.

Scott K

_______________________________________________
Ietf-dkim mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf-dkim
