On Fri, Apr 22, 2022 at 06:33:42PM -0400, Wietse Venema wrote:
> (alice):
> > I have made ssl with letsencrypt done :) I found either startssl or TLS
> > works. so may i ask is there a guide for adding DKIM to the outgoing
> > messages with the same letsencrypt certs?
>
> TLS is not DKIM. TLS is for hop-by-hop channel security and DKIM
> for end-to-end message authenticity. There is no need to share keys
> between these two.
Indeed since DKIM public keys are published (without much care about
security) via typically unsigned DNS, there is no use of "certificates"
in DKIM, and it is not possible for Let's Encrypt to play any role.
The RSA (or bleeding edge EC/EdDSA) keys used for DKIM are just raw
certificate-less keys, and need not and SHOULD NOT be used for TLS.
--
Viktor.
