On Thu, 7 Nov 2024, Richard Clayton wrote:
One nit, that can be addressed in one of the outcomes: DKIM2 best DNS
practices. ...

elliptic curve keys are considerably smaller than RSA keys ...
I have heard people argue that we should deprecate RSA keys, but that
would mean that you could not use the vast majority of DKIM1 keys with
DKIM2, creating somewhat of a hurdle for adoption

PQ keys are likely to be at least as large as RSA keys if not larger, so I
think that ship has sailed. If DNS responses are signed, which they
usually are for queries to authoritative servers, the responses are even
bigger.

A last nit, many standardized on opendkim, because of interoperability. ...

mandating the same library is clearly not the IETF way ... you will note
that since DKIM2 "bounces" flow back via intermediaries there is
considerably more scope for immediately detecting where inconsistencies
are occurring

Perhaps we can plan for some interop events once there is enough code to
test. IETF tradition says there should be at least two separate
implementations, to find places in a spec that are ambiguous or confusing.

R's,
John
_______________________________________________
Ietf-dkim mailing list -- ietf-dkim@ietf.org