Add support of ED25519-SHA256 for signing DKIM Keys #2972
Comments
|
I will add it as FR, but I don't think we will add it very soon. Not many servers can actually validate them, btw. We could double-sign, but that's just overly complicated for most people running a mailcow. Same with this multi-cert stuff with RSA and ECDSA. Multiple different TLSA records per domains sound fun for most people, who chose mailcow to reduce the hassle. I think DKIM with ED25519 is not too far away though. :) Thanks for your FR! |
|
Hi @andryyy, Yeah I know that it's new and it's better for mails when the policy is the most open and not too "modern" to be able to receive and send mail from/to everyone. :) But I think it's a feature that can say to everyone that "mailcow support it !" and yeah I know it's not in the top of priority. :) |
@andryyy Is support for signing mails with ED25519 DKIM keys still on the roadmap for mailcow? |
|
Yes, in the future. We will do dual signing at some point. As of today it is pretty much not checked at all... |
|
It is. |
|
Hi, It's been 4yrs now. We should not keep messing up our TXT RR with very long RSA 1024/2048 bit pubkey - or should we go to RSA 4096 seriously? It's a stupid idea. Let's boost the entire world to use shorter elliptic curve algo. |
|
+1 |
Hi everyone,
I ask for a feature that could be interesting. Actually the mailCow suite only support DKIM keys signed with RSA through the web UI. Since 04/02/2019, Rspamd added support for signing DKIM keys with ED25519 with SHA256 regarding the new RFC 8463.
So it could be good to add the option of generating/importing and supporting DKIM keys signed with ED25519-SHA256 in addition of RSA keys.
Thank you for you time :)
Saldru
The text was updated successfully, but these errors were encountered: