--- Forwarded from Steffen Nurpmeso <stef...@sdaoden.eu> --- Date: Wed, 06 Mar 2024 23:43:00 +0100 Author: Steffen Nurpmeso <stef...@sdaoden.eu> From: Steffen Nurpmeso <stef...@sdaoden.eu> ... Subject: Re: [..] Recommendation for dkim signing Message-ID: <20240306224300.AvxERJ7Z@steffen%sdaoden.eu> ...
One. Last. Message. Of mine. And sorry for all this mostly off-topic noise. Steffen Nurpmeso wrote in <20240306214948.V5gSjSiU@steffen%sdaoden.eu>: ... |So now that i have DKIM myself i tested. |And *no* verification software i can reach actually supports |Ed25519-sha256 as of RFC 8463 from September 2018! |It is even *worse* than that. ... | - Microsoft: fails the DKIM test if a RFC 8463 signature is | present, no matter whether first or last!!! | Is this *really* true? That is really bad. + It even actively fails SHA1 DKIM signatures. I know these are deprecated, but if i use a rsa-sha1 and a rsa-sha256 signature in that order: Authentication-Results: spf=pass (sender IP is 217.144.132.164) smtp.mailfrom=sdaoden.eu; dkim=fail (body hash did not verify) header.d=sdaoden.eu;dmarc=bestguesspass action=none header.from=sdaoden.eu;compauth=pass reason=109 The *very*same* message/-checkum passes Google: Authentication-Results: mx.google.com; dkim=pass (test mode) header.i=@sdaoden.eu header.s=lemon header.b=meYlPkTE; dkim=pass (test mode) header.i=@sdaoden.eu header.s=citron header.b=Cehr1W9z; spf=pass (google.com: domain of stef...@sdaoden.eu designates 217.144.132.164 as permitted sender) smtp.mailfrom=stef...@sdaoden.eu Looking at that. Say, the Microsoft Authentication-Results: does not denote its own domain name, no? Ie i could not strip it. I have not read RFC 8601 for very too long to know, though. They do not look at the h=sha1 of the DNS record, do they. They do not look at the a= of the DKIM signature. ... | - Place a single signature. | | - It must be RSA-sha256. And exactly only that. |RFC 6376 surely would have deserved something better. Good night, greetings, and Ciao from Germany, -- End forward <20240306224300.AvxERJ7Z@steffen%sdaoden.eu> --steffen | |Der Kragenbaer, The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt) _______________________________________________ Ietf-dkim mailing list Ietf-dkim@ietf.org https://www.ietf.org/mailman/listinfo/ietf-dkim