On Thu, 21 Dec 2023, John R Levine via mailop wrote:
On Thu 21/Dec/2023 10:37:52 +0100 John Levine via mailop wrote:
Yes, your code should handle them. No, that doesn't mean you should sign
with them.
Yup. The question was why Gmail doesn't /verify/ ed25519 signatures.
Answering that they do so because it's not necessary to use them doesn't
sound real. That way, they are damaging the halo of steady innovators that
their pushing on authentication might evoke...
Sorry, but I don't understand what you are saying.
I'm sure that Google has code somewhere that can validate ED25519 signatures.
But that does not mean that it would be a good idea for them to use that code
in production today and try to update their reputation systems to deal with
the dual signing that implies.
As I've said several times, unless there is a cryptographic problem with RSA,
there is no reason to *use* any other kind of signature.
Unless we enable ED25519 verification ahead of time, if or when RSA is
broken we wil have to coordinate the switch from RSA to ED25519 signatures,
which makes the unsecured gap longer than necessary.
Does the standard explain how we will all know when to switch ?
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop