[Ietf-dkim] Fwd: Re: [..] Recommendation for dkim signing

Steffen Nurpmeso <steffen@sdaoden.eu> Wed, 06 March 2024 21:56 UTC

Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=sdaoden.eu
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sdaoden.eu; s=citron; t=1709762211; h=date:author:from:to:subject:message-id:author: from:subject:date:to:cc:in-reply-to:references:message-id; bh=0j+bp5+gjOvVl6ZRKIOrgP3d8iqRYcOOz7sNyNQA/M0=; b=LdCfepqi30AWQHoa5Mst/uino64vWYK9dLSKmivavbsgV+RfJ0MjiVWTwh4Modwxeq1kMyt6 QNxMbdJKcWUyjQA6mn6Dkefu/FOaS2T+YyBCFiyFwrb4mfUFfjX4KnzbWaJFvZxMR2C+4KdRkr Xs3DoCTruA2g0sQprLMwEAt7giGLb6e0blAeTWVT0lXm/pX3eP7X8bdiXVzNKZzrCKNgfHZhoZ +pRBpdV7qjEHKFm8WwRHDYnAwCMGaCG1Jmr1NXwjRVbphcOIzioBCLKjHDzEVYaLaLUBwN4Hs8 ZdzOUtkh9zw5J17Ps0+8Q3zNGAD7dIdFKlmc53HjqTPnTvOg==
Date: Wed, 06 Mar 2024 22:56:50 +0100
Author: Steffen Nurpmeso <steffen@sdaoden.eu>
From: Steffen Nurpmeso <steffen@sdaoden.eu>
To: ietf-dkim@ietf.org
Message-ID: <20240306215650.uXHHYo2j@steffen%sdaoden.eu>
Mail-Followup-To: ietf-dkim@ietf.org
User-Agent: s-nail v14.9.24-608-gfa6c5c5231
OpenPGP: id=EE19E1C1F2F7054F8D3954D8308964B51883A0DD; url=https://ftp.sdaoden.eu/steffen.asc; preference=signencrypt
BlahBlahBlah: Any stupid boy can crush a beetle. But all the professors in the world can make no bugs.
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-dkim/2fH9lDvmergT_SJycYv_YJuKMFY>
Subject: [Ietf-dkim] Fwd: Re: [..] Recommendation for dkim signing

--- Forwarded from Steffen Nurpmeso <steffen@sdaoden.eu> ---
Date: Wed, 06 Mar 2024 22:49:48 +0100
Author: Steffen Nurpmeso <steffen@sdaoden.eu>
From: Steffen Nurpmeso <steffen@sdaoden.eu>
...
Subject: Re: [pfx] Recommendation for dkim signing
Message-ID: <20240306214948.V5gSjSiU@steffen%sdaoden.eu>
...

...
So now that i have DKIM myself i tested.
And *no* verification software i can reach actually supports
Ed25519-sha256 as of RFC 8463 from September 2018!
It is even *worse* than that.

  - Google: at least reaches out to the RSA signature and verifies
    that, it ignores the other one saying "no key".

  - Microsoft: fails the DKIM test if an RFC 8463 signature is
    present, no matter whether first or last!!!
    Is this *really* true?  That is really bad.

  - The software this list uses (rspamd i think): fails if the
    Ed25519 signature is first, aka does not reach out.  (Which it
    should, says DKIM, does it.  The DKIM standard is
    *fantastic*!)  It at least succeeds if the RSA is first.

What a mess.  Even though explicitly envisioned in the DKIM
standard, it seems to me one cannot simply create two signatures,
as i wanted to do.  (For a while, at least; until i see Ed is
supported anywhere.  I had no plan, actually.)

So as of today DKIM interoperability seems to mean:

  - Place a single signature.

  - It must be RSA-sha256.

RFC 6376 surely would have deserved something better.

  ...
 -- End forward <20240306214948.V5gSjSiU@steffen%sdaoden.eu>

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
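
Added example (not part of the original message): a small Python model of the three verifier behaviours reported above for a message carrying both an Ed25519 and an RSA signature. The sample headers, the strategy names and the `crypto_ok` stand-in are constructed assumptions; no key lookup or real signature check is performed.

```python
import re

# Constructed sample (not a real message): Ed25519 signature first, RSA second.
SAMPLE = (
    "DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=example.org;\r\n"
    "\ts=ed; h=from:to:subject; bh=AAAA; b=BBBB\r\n"
    "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.org;\r\n"
    "\ts=rsa; h=from:to:subject; bh=AAAA; b=CCCC\r\n"
    "From: a@example.org\r\n"
    "\r\n"
    "body\r\n"
)

def dkim_signatures(raw):
    """Return the tag dict of each DKIM-Signature header, in header order."""
    head = raw.split("\r\n\r\n", 1)[0]
    head = re.sub(r"\r\n[ \t]+", " ", head)  # unfold continuation lines
    sigs = []
    for line in head.split("\r\n"):
        name, _, value = line.partition(":")
        if name.strip().lower() != "dkim-signature":
            continue
        tags = {}
        for item in value.split(";"):
            key, sep, val = item.partition("=")
            if sep:
                tags[key.strip()] = "".join(val.split())  # drop folding whitespace
        sigs.append(tags)
    return sigs

def verdict(sigs, supported, strategy, crypto_ok=lambda sig: True):
    """Model one verifier; crypto_ok stands in for key lookup and signature check.

    Strategies (names are assumptions of this example):
      try_all             - skip unsupported algorithms, pass if any signature verifies
      first_only          - evaluate only the first signature header
      fail_on_unsupported - any unsupported algorithm fails the whole message
    """
    if strategy == "first_only":
        sigs = sigs[:1]
    results = []
    for sig in sigs:
        if sig.get("a") not in supported:
            results.append("unsupported")
        else:
            results.append("pass" if crypto_ok(sig) else "fail")
    if strategy == "fail_on_unsupported" and "unsupported" in results:
        return "fail"
    return "pass" if "pass" in results else "fail"
```

Running the three strategies against both header orders with `supported={"rsa-sha256"}` reproduces the matrix in the message: only `try_all` passes regardless of order, and `first_only` passes only when the RSA signature comes first.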