On April 14, 2024 12:51:26 AM UTC, Steffen Nurpmeso <[email protected]> wrote: >Hello. > >Thanks to Hanno Böck (known from ossec and more) i was pointed to >my falsely published ED25519 DKIM key. >Until now that simply was the complete ED25519 public key, just >like for RSA, instead of extracting the actual "bitstring data" >from the standardized ASN.1 container, which starts at offset 16 >(or -offset=12 if you use "openssl asn1parse -noout -out -" aka >the binary blob). > >I realize that RFC 8463 says repeatedly that the base64-encoded >representation of an ED25519 key is 44 bytes, and that the >examples go for this. Still there is no wording that the entire >ASN.1 structure shall be thrown away.
At the time we wrote what became RFC 8463, ASN.1 for ED25519 was not specified yet. Openssl didn't support ED25119 either. I'm not sure what you think we should have put in that we didn't. It seems to me that you are saying that the RFC is correct and clear, but that you were certain you knew better than the RFC. That's not a thing an RFC can fix. Scott K _______________________________________________ Ietf-dkim mailing list [email protected] https://www.ietf.org/mailman/listinfo/ietf-dkim
