Re: [Ietf-dkim] Fwd: Re: [..] Recommendation for dkim signing

"Murray S. Kucherawy" <superuser@gmail.com> Thu, 07 March 2024 21:51 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-dkim/dqdi7hr_44CArx9VIjfm5J7giiM>

On Thu, Mar 7, 2024 at 1:05 PM A. Schulze <sca=40andreasschulze.de@dmarc.ietf.org> wrote:

> I enabled double signing years ago on my personal domain and last year at
> a medium-scale ESP.
> So far, we didn't notice negative effects.
> Intentionally I removed SPF on my personal domain last year, also without
> any delivery issues.
>
> I also validate both signatures if present but didn't collect any statistics.
>
> One interesting point is the signature order. Without specific reasons I
> sign rsa first, then ed25519.
> This message is the first I send with the opposite order: ed25519 first,
> then rsa.
> Let's see what will happen... My naive assumption: order doesn't matter.
>

Section 4.2 of RFC 6376 is pretty nebulous about this.  You can do them in
any order, and you can stop after you get one that you like based on
whatever local policy you choose or do them all.

Given the time that's passed since RFC 8463 was published, I'd expect to
have heard that order matters in one way or another if indeed it does.  The
absence of such experience might be telling.

-MSK
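
An added example, not part of the original message and not taken from any DKIM implementation: a model of a verifier that tries the signatures of a dual-signed message in header order and stops at the first one that passes, to show when signature order can and cannot change the outcome. The `verify` callable stands in for the key lookup and cryptographic check, `max_attempts` is a hypothetical local cap on signatures tried, and the messages and their `bh=`/`b=` values are constructed placeholders.

```python
from email import message_from_string

# Constructed header fields; bh=/b= are placeholders, not real signatures.
SIG_RSA = ("DKIM-Signature: v=1; a=rsa-sha256; d=example.org; s=rsa1;\n"
           " h=from:to:subject; bh=PLACEHOLDER=; b=PLACEHOLDER==\n")
SIG_ED = ("DKIM-Signature: v=1; a=ed25519-sha256; d=example.org; s=ed1;\n"
          " h=from:to:subject; bh=PLACEHOLDER=; b=PLACEHOLDER==\n")
REST = "From: a@example.org\nTo: b@example.net\nSubject: test\n\nbody\n"
RSA_FIRST = SIG_RSA + SIG_ED + REST
ED_FIRST = SIG_ED + SIG_RSA + REST


def parse_signatures(raw):
    """Return the tag=value map of every DKIM-Signature field, in header order."""
    sigs = []
    for value in message_from_string(raw).get_all("DKIM-Signature", []):
        tags = {}
        for item in value.split(";"):
            if "=" in item:
                key, val = item.split("=", 1)   # b=/bh= may end in '=' padding
                tags[key.strip()] = "".join(val.split())  # drop folding whitespace
        sigs.append(tags)
    return sigs


def evaluate(raw, supported, verify, max_attempts=None):
    """Try signatures in header order and stop at the first that passes.

    supported    -- set of a= algorithms this verifier implements
    verify       -- callable(tags) -> bool, stand-in for the real crypto check
    max_attempts -- hypothetical local cap on signatures examined (None = no cap)
    Returns (result, algorithm_that_passed, signatures_examined).
    """
    attempts = 0
    for tags in parse_signatures(raw):
        if max_attempts is not None and attempts >= max_attempts:
            break
        attempts += 1
        if tags.get("a") not in supported:
            continue            # unusable signature: skip it, keep looking
        if verify(tags):
            return ("pass", tags["a"], attempts)
    return ("no-pass", None, attempts)


def always_valid(tags):
    """Assumption for the demo: both signatures on the message are good."""
    return True
```

An RSA-only verifier that keeps going past the Ed25519 signature reaches the same result for both orders; only one that gives up after the first signature sees a difference.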