Steffen Nurpmeso via Postfix-users wrote in
<20231030191124.5ou-x%[email protected]>:
|It seems to me there is not much interest of mail operators in
|stepping to ed25519, reducing the payload of DNS and email?
|I know dkimpy supports it (and more -- but is python, uuuh!) for
|long, but OpenDKIM is unchanged for eight years. (At least my
|sf.net import from 2017-09-23 still stands.)
So now that I have DKIM myself I tested.
And *no* verification software i can reach actually supports
Ed25519-sha256 as of RFC 8463 from September 2018!
It is even *worse* than that.
- Google: at least reaches out to the RSA signature and verifies
that; it ignores the other one, saying "no key".
- Microsoft: fails the DKIM test if an RFC 8463 signature is
present, no matter whether first or last!!!
Is this *really* true? That is really bad.
- The software this list uses (rspamd, I think): fails if the
Ed25519 signature is first, aka does not reach out. (Which it
should, says DKIM, does it. The DKIM standard is
*fantastic*!) It at least succeeds if the RSA is first.
What a mess. Even though explicitly envisioned in the DKIM
standard, it seems to me one cannot simply create two signatures,
as I wanted to do. (For a while, at least; until I see Ed is
supported anywhere. I had no plan, actually.)
So as of today DKIM interoperability seems to mean:
- Place a single signature.
- It must be RSA-sha256.
RFC 6376 surely would have deserved something better.
--steffen
|
|Der Kragenbaer, The moon bear,
|der holt sich munter he cheerfully and one by one
|einen nach dem anderen runter wa.ks himself off
|(By Robert Gernhardt)
Postfix-users mailing list -- [email protected]
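The verifier behaviour the post expects from RFC 6376 section 6.1, as an added example that is not part of the post or of any of the verifiers it names: each DKIM-Signature is checked on its own, a signature whose a= algorithm the verifier does not implement is skipped rather than failed, and the message passes if any one signature verifies, whichever order they appear in. It assumes the signed data has already been DKIM-canonicalised and stands in for the header with a small struct (selector, a= tag, decoded b= bytes); key lookup by selector replaces the DNS query.

```go
package main

import (
	"crypto"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Sig stands in for one DKIM-Signature header: s= selector, a= tag and decoded b= bytes.
type Sig struct {
	Sel, Alg string
	B        []byte
}

// Sign produces the b= value over canon (assumed already DKIM-canonicalised). Both algorithms
// sign the SHA-256 digest: RSASSA-PKCS1-v1_5 per RFC 6376, pure Ed25519 per RFC 8463.
func Sign(canon []byte, sel string, priv interface{}) (Sig, error) {
	h := sha256.Sum256(canon)
	switch k := priv.(type) {
	case *rsa.PrivateKey:
		b, err := rsa.SignPKCS1v15(rand.Reader, k, crypto.SHA256, h[:])
		return Sig{sel, "rsa-sha256", b}, err
	case ed25519.PrivateKey:
		return Sig{sel, "ed25519-sha256", ed25519.Sign(k, h[:])}, nil
	}
	return Sig{}, errors.New("unsupported private key type")
}

// verifyOne checks one signature against the selector's public key; the a= tag must match the key type.
func verifyOne(canon []byte, s Sig, pub interface{}) bool {
	h := sha256.Sum256(canon)
	switch k := pub.(type) {
	case *rsa.PublicKey:
		return s.Alg == "rsa-sha256" && rsa.VerifyPKCS1v15(k, crypto.SHA256, h[:], s.B) == nil
	case ed25519.PublicKey:
		return s.Alg == "ed25519-sha256" && ed25519.Verify(k, h[:], s.B)
	}
	return false
}

// VerifyAny applies RFC 6376 section 6.1: every signature is evaluated independently and the
// message passes if any verifies. An a= value missing from known (the algorithms this
// verifier implements) is skipped, not failed, so it never vetoes a good signature.
func VerifyAny(canon []byte, sigs []Sig, keys map[string]interface{}, known map[string]bool) bool {
	for _, s := range sigs {
		if pub, ok := keys[s.Sel]; ok && known[s.Alg] && verifyOne(canon, s, pub) {
			return true
		}
	}
	return false
}
```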