Re: [Ietf-dkim] Fwd: Re: [..] Recommendation for dkim signing

Scott Kitterman <ietf-dkim@kitterman.com> Wed, 06 March 2024 22:54 UTC

Return-Path: <ietf-dkim@kitterman.com>
X-Original-To: ietf-dkim@ietfa.amsl.com
Delivered-To: ietf-dkim@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A76B9C14F69C for <ietf-dkim@ietfa.amsl.com>; Wed, 6 Mar 2024 14:54:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.107
X-Spam-Level:
X-Spam-Status: No, score=-7.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=kitterman.com header.b="CrhtTFiY"; dkim=pass (2048-bit key) header.d=kitterman.com header.b="ctRtVxK7"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wY4UDUC533wR for <ietf-dkim@ietfa.amsl.com>; Wed, 6 Mar 2024 14:53:57 -0800 (PST)
Received: from interserver.kitterman.com (interserver.kitterman.com [64.20.48.66]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A3B7EC14F680 for <ietf-dkim@ietf.org>; Wed, 6 Mar 2024 14:53:57 -0800 (PST)
Received: from interserver.kitterman.com (interserver.kitterman.com [IPv6:2604:a00:6:1039:225:90ff:feaa:b169]) by interserver.kitterman.com (Postfix) with ESMTPS id CF4B2F80132; Wed, 6 Mar 2024 17:53:47 -0500 (EST)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201903e; t=1709765612; h=date : from : to : subject : in-reply-to : references : message-id : mime-version : content-type : content-transfer-encoding : from; bh=KVw0V4Cfvt9a4iG2cmiapwASDyxx1sJXQItOqO4HrgU=; b=CrhtTFiYuVOBRmH4VZnm1QZwXz3vpw70FirXt5mDSDQCuYkqWyLrPv8kBv9o4IPkGQDhz nyiZwlX8Veh7+QCDQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kitterman.com; i=@kitterman.com; q=dns/txt; s=201903r; t=1709765612; h=date : from : to : subject : in-reply-to : references : message-id : mime-version : content-type : content-transfer-encoding : from; bh=KVw0V4Cfvt9a4iG2cmiapwASDyxx1sJXQItOqO4HrgU=; b=ctRtVxK7HvN0nBiciESYtaY5SAmsTx37yj7PulByDL0sW9gb5qvlp3ct12kFb/Ym9d1ur ssN5TXyKRhvg/SBNDrJMozJOhsdyp1JbSzLZHCFqsIup/AyMfEnPhoMxyh6MtIcAfdbLFY6 e6dnfYs9KurY9yWp8Al54M6PqREB2aSrURmNoSdXzq4u329qHwLkVCSB3hpj/0P7XmIxwsr rA9NNL5LDG3QMYqM2R1vVOWBPa5PKHrWVMMUHatF0Nrqug7xQabZEedA+GZcKRyZCqcFrQe eod5xDZ3B5W9FpYSmn+2rliIQ1h01c3fBMrQ8rSSPTZbjx9xD2Iv/oVHc9SA==
Received: from [127.0.0.1] (mobile-166-170-32-217.mycingular.net [166.170.32.217]) by interserver.kitterman.com (Postfix) with ESMTPSA id 3D07DF8010C; Wed, 6 Mar 2024 17:53:32 -0500 (EST)
Date: Wed, 06 Mar 2024 22:53:27 +0000
From: Scott Kitterman <ietf-dkim@kitterman.com>
To: ietf-dkim@ietf.org
In-Reply-To: <20240306224151.r4D7UEwr@steffen%sdaoden.eu>
References: <20240306215650.uXHHYo2j@steffen%sdaoden.eu> <C9EF0654-C410-46DC-B9A7-716E3ECA0B4E@kitterman.com> <20240306224151.r4D7UEwr@steffen%sdaoden.eu>
Message-ID: <9EE553EC-AA5B-4DAC-BF4D-9A0FFB28911E@kitterman.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-dkim/Uh3GNazXdEWow1xYVubFugqprtk>
Subject: Re: [Ietf-dkim] Fwd: Re: [..] Recommendation for dkim signing
X-BeenThere: ietf-dkim@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF DKIM List <ietf-dkim.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-dkim>, <mailto:ietf-dkim-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-dkim/>
List-Post: <mailto:ietf-dkim@ietf.org>
List-Help: <mailto:ietf-dkim-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Mar 2024 22:54:01 -0000


On March 6, 2024 10:41:51 PM UTC, Steffen Nurpmeso <steffen@sdaoden.eu> wrote:
>Scott Kitterman wrote in
> <C9EF0654-C410-46DC-B9A7-716E3ECA0B4E@kitterman.com>:
> |On March 6, 2024 9:56:50 PM UTC, Steffen Nurpmeso <steffen@sdaoden.eu> \
> |wrote:
> |>--- Forwarded from Steffen Nurpmeso <steffen@sdaoden.eu> ---
> |>Date: Wed, 06 Mar 2024 22:49:48 +0100
> |>Author: Steffen Nurpmeso <steffen@sdaoden.eu>
> |>From: Steffen Nurpmeso <steffen@sdaoden.eu>
> |>...
> |>Subject: Re: [pfx] Recommendation for dkim signing
> |>Message-ID: <20240306214948.V5gSjSiU@steffen%sdaoden.eu>
> |>...
> |>
> |>...
> |>So now that i have DKIM myself i tested.
> |>And *no* verification software i can reach actually supports
> |>Ed25519-sha256 as of RFC 8463 from September 2018!
> |
> |In addition to my dkimpy-milter, exam supports it and believe opendkim \
>
>Yes, you do support it.  I know of no endpoint i could reach out
>to test this, however.  But yes, of course your software
>thankfully supports it.
>
> |does as well.  Their combined market share no doubt rounds to zero, \
> |but the software does exist.
>
>exam i do not know, and OpenDKIM i am pretty sure does not support
>it, at least the Sourceforge.net thing; i have a local copy and
>the last change was in 2015.
>
> |This isn't horrible.  The main reason for RFC 8463 was, in my view, \
> |as a hedge for some discovery that suddenly made RSA obsolete, which \
> |hasn't happened yet.  From a standards perspective, it is there if needed.
>
>It greatly reduces the size of the headers, too.  And of the DNS
>entries, and the DNS traffic as such, in UDP.
>
>I would speak contra and say it is a terrible picture.
>And one mail i would have written right now in the queue.

For opendkim, you need to look on GitHub.  There has been some further development there.

Scott K
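
Added example (not part of the original message, and not code from dkimpy-milter or opendkim): the Authentication-Results header recorded on this message shows the situation discussed above, with the ed25519-sha256 signature reported as neutral and the rsa-sha256 signature as pass. The sketch below pairs each result with its signature through header.b (RFC 6008) so that a dual-signing sender can see which algorithm a receiver actually evaluated; the function names and the match on the "unsupported algorithm" reason text are assumptions of this example.

```python
import re

# Authentication-Results value recorded in this message's own headers.
AUTH_RESULTS = (
    'ietfa.amsl.com (amavisd-new); '
    'dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" '
    'header.d=kitterman.com header.b="CrhtTFiY"; '
    'dkim=pass (2048-bit key) header.d=kitterman.com header.b="ctRtVxK7"'
)
# The two DKIM-Signature tag lists, shortened for this example: only the tags
# used below, with b= cut to the prefix that header.b quotes.
SIGNATURES = [
    "v=1; a=ed25519-sha256; d=kitterman.com; s=201903e; b=CrhtTFiY",
    "v=1; a=rsa-sha256; d=kitterman.com; s=201903r; b=ctRtVxK7",
]

def parse_tags(sig):
    """Split a DKIM-Signature tag list (tag=value; ...) into a dict."""
    pairs = (p.split("=", 1) for p in sig.split(";") if "=" in p)
    return {k.strip(): re.sub(r"\s+", "", v) for k, v in pairs}

def dkim_results(value):
    """Yield (result, header.b, reason) for each dkim= entry."""
    # Split on ';' outside quoted strings; the first item is the authserv-id.
    for part in re.findall(r'(?:"[^"]*"|[^;"])+', value)[1:]:
        m = re.match(r"\s*dkim=(\w+)", part)
        if m:
            props = dict(re.findall(r'([\w.]+)=("[^"]*"|\S+)', part))
            yield (m.group(1), props.get("header.b", "").strip('"'),
                   props.get("reason", "").strip('"'))

def report(auth_results, signatures):
    """Pair each verifier result with the signature it refers to."""
    sigs = [parse_tags(s) for s in signatures]
    rows = []
    for result, b, reason in dkim_results(auth_results):
        tags = next((t for t in sigs if b and t.get("b", "").startswith(b)), {})
        rows.append((tags.get("a"), tags.get("s"), result, reason))
    return rows

def message_passes(rows):
    """DKIM succeeds if any one signature verifies."""
    return any(result == "pass" for _, _, result, _ in rows)

def unsupported_algorithms(rows):
    """Algorithms the verifier could not evaluate (amavisd-new's wording)."""
    return [a for a, _, result, reason in rows
            if result != "pass" and "unsupported algorithm" in reason]

if __name__ == "__main__":
    for row in report(AUTH_RESULTS, SIGNATURES):
        print(row)
```

With only the Ed25519 row present, message_passes returns False at this receiver, which is why the RSA signature still has to accompany it.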