verification fails for rfc8463-mandated ed25519-signed dkim keys: "unsupported algorithm ed25519-sha256"
pgnd opened this issue · 3 comments
pgnd commented
I'm using authentication_milter, and have/test @ fastmail.
I'm dual-signing my outbound, with both -rsa & -ed25519 dkim keys
rfc
A New Cryptographic Signature Method for DomainKeys Identified Mail (DKIM)
https://datatracker.ietf.org/doc/html/rfc8463
states
https://datatracker.ietf.org/doc/html/rfc8463#section-5
that
    5. Choice and Strength of Keys and Algorithms

    Section 3.3 of [RFC6376] describes DKIM's hash and signature
    algorithms. It is updated as follows:

    Signers SHOULD implement and verifiers MUST implement the Ed25519-SHA256 algorithm.
                                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
testing @ fastmail, my rec'd mail headers report,
    Authentication-Results: mx6.messagingengine.com;
        dkim=invalid (unsupported algorithm ed25519-sha256, 0-bit key)
I'm working on an issue, with more detail, here,
https://bugs.launchpad.net/dkimpy-milter/+bug/1901569/comments/6
not 100% clear yet where the problem lies ...
assuming that I'm reading the rfc correctly,
DOES authentication_milter currently/correctly support Ed25519-SHA256 algorithm dkim verification?
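An added example, not part of the original post and not code from authentication_milter or Mail::DKIM: a Python check that reads a received message's headers, lists the algorithms it was signed with, and separates "the verifier lacks this algorithm" from an actual signature failure. The sample message, its domain, selectors, authserv-id and the `pass` result line are constructed; only the `unsupported algorithm ...` comment text follows the header quoted above.

```python
import re
from email import message_from_string

# Constructed sample, not a real message: dual-signed mail as recorded by a
# verifier without Ed25519 support. Domain, selectors, bh=/b= are placeholders.
SAMPLE = """\
Authentication-Results: mx.example.net;
 dkim=pass (2048-bit rsa key) header.d=example.org header.s=rsa2020;
 dkim=invalid (unsupported algorithm ed25519-sha256, 0-bit key)
 header.d=example.org header.s=ed2020
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.org;
 s=rsa2020; h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=example.org;
 s=ed2020; h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER
From: a@example.org
Subject: test

body
"""

AR_DKIM = re.compile(r"dkim=(\w+)\s*(?:\(([^)]*)\))?")
UNSUPPORTED = re.compile(r"unsupported algorithm\s+([\w-]+)")

def dkim_tags(value):
    """Parse a DKIM-Signature value into its tag=value pairs (RFC 6376)."""
    pairs = (p.split("=", 1) for p in value.split(";") if "=" in p)
    return {k.strip(): "".join(v.split()) for k, v in pairs}

def audit(raw, authserv_id):
    """Compare the algorithms a message was signed with against what the
    receiving verifier reported. Only Authentication-Results headers stamped
    by authserv_id (your own border MTA) are read; others can be forged."""
    msg = message_from_string(raw)
    signed = [dkim_tags(v).get("a") for v in msg.get_all("DKIM-Signature", [])]
    results, lacks = [], []
    for ar in msg.get_all("Authentication-Results", []):
        ar = " ".join(ar.split())                    # unfold the header
        if ar.split(";")[0].split()[:1] != [authserv_id]:
            continue
        for result, comment in AR_DKIM.findall(ar):
            results.append(result)
            lacks += UNSUPPORTED.findall(comment)
    return {"signed_with": signed, "results": results,
            "verifier_lacks": lacks, "authenticated": "pass" in results}

if __name__ == "__main__":
    print(audit(SAMPLE, "mx.example.net"))
```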
marcbradshaw commented
ed25519 support needs to be added to Mail::DKIM first, it's on the to do list, but there are many things above it.
pgnd commented
aral commented
Any updates on this? Would be nice to see Fastmail leading on this.