Steffen Nurpmeso wrote in <20240306224151.r4D7UEwr@steffen%sdaoden.eu>: |Scott Kitterman wrote in | <c9ef0654-c410-46dc-b9a7-716e3eca0...@kitterman.com>: ||On March 6, 2024 9:56:50 PM UTC, Steffen Nurpmeso <stef...@sdaoden.eu> \ ||wrote: ... ||>So now that i have DKIM myself i tested. ||>And *no* verification software i can reach actually supports ||>Ed25519-sha256 as of RFC 8463 from September 2018! || ||In addition to my dkimpy-milter, exam supports it and believe opendkim \ ... ||This isn't horrible. The main reason for RFC 8463 was, in my view, \ ||as a hedge for some discovery that suddenly made RSA obsolete, which \ ||hasn't happened yet. From a standards perspective, it is there if needed. | |It greatly reduces the size of the headers, too. And of the DNS |entries, and the DNS traffic as such, in UDP. | |I would speak contra and say it is a terrible picture. |And one mail i would have written right now in the queue.
One more contra, please. In the software i have just written, the required code snippet to support RFC 8463 is in one conditional OR. In fact i am quite happy to contra, and hope at least one OpenSSL people reads it, because i complained about this interface a month ago i think. /* Unfortunately there is no easy accessible property that tells us which codepath to take */ EVP_MD_CTX_reset(mdcp->mdc_md_ctx); if(!EVP_DigestSignInit(mdcp->mdc_md_ctx, NIL, mdcp->mdc_md->md_md, NIL, kp->k_key) && ^ This is RSA. !EVP_DigestSignInit(mdcp->mdc_md_ctx, NIL, NIL, NIL, kp->k_key)){ ^ This is Ed25519. Unfortunately nothing but brute force trials are possible to detect which code path to take. (It is worse actually, as i said on the openssl-users list by quoting a OpenSSL commit message, there is now a door open to make this way of doing things impossible, and who knows whether they will go through it or not.) Yes another reason to cheer RFC 6376 for this to be possible. Ie, the possibly lengthy body with a stream-enabled digest, and the cryptographic signature, that possibly is not stream-capable, but requires one-shot signing, only for the header! RFC 6376 is fantastic. (Except for LF + CR.) --steffen | |Der Kragenbaer, The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt) _______________________________________________ Ietf-dkim mailing list Ietf-dkim@ietf.org https://www.ietf.org/mailman/listinfo/ietf-dkim