Hi, On Mon, 18 May 2026 18:21:45 +0200 Tobias Fiebig via mailop <[email protected]> wrote:
> Removing the ed25519 seems to help; also, no indicators on the
> dashboard for the IPs, all in good standing, and can also deliver
> flawlessly to all other ESPs.

Unpopular opinion: The way ed25519 support in DKIM works makes it basically useless, and everyone is probably better off just not generating such signatures.

This has nothing to do with the algorithm, and everything with how DKIM works. Usually, if you introduce a new cryptographic algorithm into a protocol, you need some form of negotiation mechanism where you figure out if the other party supports the new algorithm and if you can use it. But DKIM has no such mechanism.

As you have no way of knowing whether the other side supports it, you basically can never send e-mails with only ed25519 signatures. Your only practical deployment option is to add ed25519 signatures on top of RSA. Then you only have to worry about extra complexity (bad) and whether there are any bugs on the receiving end that trigger if it sees an unknown signature key type.

Furthermore, what's the point? There's no security issue addressed by ed25519. Yeah, people like to hate on RSA, but... if you use it for signatures only, it's mostly fine (most RSA risks affect only encryption). There aren't any huge security issues in RSA signatures even considering implementation flaws; the most significant ones can be avoided by using the standard e=65537 value (and not e=3, which adds some risks even for signatures).

Elliptic Curve crypto's main advantage over RSA is size and speed. But given that you cannot use ed25519 in DKIM alone, only in addition to RSA, it only gives you downsides and no upsides.

-- 
Hanno Böck - Independent security researcher
https://itsec.hboeck.de/
https://badkeys.info/

_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
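The deployment rule argued above ("ed25519 only ever on top of RSA, never alone") is easy to enforce as an outbound check. The following script is an added example and not code from the mailing-list thread or from any DKIM implementation: it parses the tag=value list of every DKIM-Signature header (the RFC 6376 syntax; RFC 8463 is where the `a=ed25519-sha256` value comes from), and reports whether each domain that carries an ed25519 signature also carries an rsa-sha256 signature. The sample messages, selector names and domain are constructed for illustration; the signature values are placeholders and are not verified, since the point is the policy check, not cryptographic validation.

```python
"""Outbound policy check: an ed25519 DKIM signature must be accompanied by an RSA one.

Added example (not from the mailop thread). Uses only the standard library and
the compat32 email policy so that folded header lines are kept as raw strings.
"""
import email


def parse_dkim_tags(header_value: str) -> dict:
    """Parse a DKIM tag=value list (RFC 6376 section 3.2) into a dict.

    Tags are separated by ';'. Folding whitespace (including CRLF + space from
    header folding) may appear around tags and inside values such as b=, so all
    whitespace inside a value is removed before it is stored.
    """
    tags = {}
    for part in header_value.split(";"):
        if "=" not in part:
            continue  # trailing ';' or empty segment
        name, _, value = part.partition("=")
        tags[name.strip()] = "".join(value.split())
    return tags


def classify_signatures(raw_message: bytes) -> list:
    """Return one (selector, domain, algorithm) tuple per DKIM-Signature header."""
    msg = email.message_from_bytes(raw_message)  # compat32 policy: raw header strings
    result = []
    for value in msg.get_all("DKIM-Signature", []):
        tags = parse_dkim_tags(value)
        result.append((tags.get("s", ""), tags.get("d", ""), tags.get("a", "").lower()))
    return result


def dual_signing_ok(raw_message: bytes) -> bool:
    """True if every domain signed with ed25519-sha256 is also signed with rsa-sha256.

    A message with no ed25519 signature at all passes trivially: the rule only
    forbids ed25519 without an RSA fallback for the same signing domain.
    """
    sigs = classify_signatures(raw_message)
    ed_domains = {d for _, d, a in sigs if a == "ed25519-sha256"}
    rsa_domains = {d for _, d, a in sigs if a == "rsa-sha256"}
    return ed_domains <= rsa_domains


# Constructed sample messages (placeholder bh=/b= values, not real signatures).
SAMPLE_DUAL = b"""DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com;
 s=rsa2024; h=from:to:subject:date; bh=ZmFrZWJvZHloYXNo;
 b=ZmFrZXJzYXNpZw==
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=example.com;
 s=ed2024; h=from:to:subject:date; bh=ZmFrZWJvZHloYXNo; b=ZmFrZWVkc2ln
From: sender@example.com
To: recipient@example.net
Subject: dual-signed test
Date: Mon, 18 May 2026 18:21:45 +0200

body
"""

SAMPLE_ED_ONLY = b"""DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=example.com;
 s=ed2024; h=from:to:subject:date; bh=ZmFrZWJvZHloYXNo; b=ZmFrZWVkc2ln
From: sender@example.com
To: recipient@example.net
Subject: ed25519-only test
Date: Mon, 18 May 2026 18:21:45 +0200

body
"""

if __name__ == "__main__":
    for label, sample in (("dual", SAMPLE_DUAL), ("ed25519-only", SAMPLE_ED_ONLY)):
        print(label, classify_signatures(sample), "OK" if dual_signing_ok(sample) else "REJECT")
```

Run against a message just before it leaves the MTA (or over a mailbox dump for auditing): a `REJECT` means the message would reach receivers that do not implement RFC 8463 with no signature they can validate. The check is keyed on the `d=` domain rather than on the selector, because a receiver picks the signature to verify by domain and algorithm support, not by selector name.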
