Are ed25519 keys only useful if the server checking the public key can decode ed25519 keys?

Asked by Danie de Jager on 2019-05-29

ED25519 was only added in OpenSSL 1.1.1; hence, being a new signature scheme, is it viable to start using it yet? Do I have to wait for everyone to update their MTAs to support ED25519 first?

I'm hoping to use dkimpy to play a role to automate key-rotation.

Question information

Language: English
Status: Solved
For: dkimpy
Assignee: No assignee
Solved by: Scott Kitterman
Solved: 2019-06-10
Last query: 2019-06-10
Last reply: 2019-05-31
Best answer: Scott Kitterman (kitterman) said: #1

dkimpy uses libsodium, not openssl, for Ed25519, so the openssl version isn't relevant to dkimpy.

Currently it would not be very effective to sign using only Ed25519. The current best practice is to double sign with rsa-sha256 and ed25519-sha256. This is very similar to how, when DKIM was originally fielded, it was encouraged to sign with rsa-sha1 and rsa-sha256, since not everyone could verify rsa-sha256 at the time.
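The double-signing practice described in this answer, as an added worked example (it is not code from the thread, and not from the dkimpy project itself). It assumes dkimpy with its ed25519 extra (PyNaCl) and the `cryptography` package are installed; the domain `example.com`, the selectors `rsa2019` and `ed2019`, the message and the DNS records are all constructed, and DNS is replaced by an in-memory lookup passed through dkimpy's `dnsfunc=` parameter. Beyond the answer itself, it also plays out the situation in the question title: a receiver that cannot make use of the Ed25519 key (simulated here by a DNS view that lacks it) still accepts the message on the RSA signature.

```python
"""Double-sign with rsa-sha256 and ed25519-sha256 using dkimpy.

Added example (not from the thread or the dkimpy project). Assumes dkimpy with
its ed25519 extra (PyNaCl) and the `cryptography` package are installed. The
domain, selectors, message and DNS records below are all constructed.
"""
import base64
import re

try:
    import dkim
    from nacl.encoding import Base64Encoder
    from nacl.signing import SigningKey
    from cryptography.hazmat.primitives import serialization
    from cryptography.hazmat.primitives.asymmetric import rsa
    HAVE_DEPS = True
except ImportError:          # dkimpy[ed25519] and/or cryptography missing
    HAVE_DEPS = False

DOMAIN = b"example.com"      # hypothetical signing domain
RSA_SELECTOR = b"rsa2019"    # hypothetical selectors, one per key type
ED_SELECTOR = b"ed2019"

# Constructed message; dkimpy wants CRLF line endings and a From: header.
MESSAGE = (
    b"From: alice@example.com\r\n"
    b"To: bob@example.net\r\n"
    b"Subject: dual DKIM signature test\r\n"
    b"Date: Wed, 29 May 2019 10:00:00 +0000\r\n"
    b"\r\n"
    b"Sign twice, verify both.\r\n"
)


def make_rsa_key():
    """Return (PKCS#1 PEM private key, DNS TXT record) for a fresh RSA-2048 key."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    pem = key.private_bytes(serialization.Encoding.PEM,
                            serialization.PrivateFormat.TraditionalOpenSSL,
                            serialization.NoEncryption())
    spki = key.public_key().public_bytes(serialization.Encoding.DER,
                                         serialization.PublicFormat.SubjectPublicKeyInfo)
    return pem, b"v=DKIM1; k=rsa; p=" + base64.b64encode(spki)


def make_ed25519_key():
    """Return (base64 seed, DNS TXT record) for a fresh Ed25519 key.

    dkimpy takes the private key as base64 of the raw 32-byte seed (what its
    dknewkey tool writes); RFC 8463 publishes the raw public key, base64, in p=.
    """
    sk = SigningKey.generate()
    pub = sk.verify_key.encode(encoder=Base64Encoder)
    return sk.encode(encoder=Base64Encoder), b"v=DKIM1; k=ed25519; p=" + pub


def double_sign(message, rsa_priv, ed_priv):
    """Add an ed25519-sha256 signature, then an rsa-sha256 one on top.

    dkimpy does not list DKIM-Signature in h=, so neither signature covers the
    other and each verifies on its own; signing RSA last puts it first in the
    message, where a verifier that only checks the first signature will see it.
    """
    ed_sig = dkim.sign(message, ED_SELECTOR, DOMAIN, ed_priv,
                       signature_algorithm=b"ed25519-sha256")
    message = ed_sig + message
    rsa_sig = dkim.sign(message, RSA_SELECTOR, DOMAIN, rsa_priv,
                        signature_algorithm=b"rsa-sha256")
    return rsa_sig + message


def make_dnsfunc(records):
    """In-memory stand-in for dkimpy's DNS TXT lookup (its dnsfunc= parameter)."""
    def dnsfunc(name, timeout=5):
        if isinstance(name, bytes):
            name = name.decode("ascii")
        return records.get(name.rstrip(".").lower())   # None -> key missing
    return dnsfunc


def verify_all(signed, dnsfunc):
    """Verify every DKIM-Signature header; dkim.verify() checks only the first.

    Returns {algorithm: bool} in header order.
    """
    head = signed.split(b"\r\n\r\n", 1)[0]
    unfolded = re.sub(rb"\r\n[ \t]+", b" ", head)          # undo header folding
    algos = re.findall(rb"(?im)^DKIM-Signature:.*?\ba=([\w-]+)", unfolded)
    results = {}
    for idx, algo in enumerate(algos):
        try:
            ok = dkim.DKIM(signed).verify(idx=idx, dnsfunc=dnsfunc)
        except dkim.DKIMException:      # bad key record, unsupported algorithm, ...
            ok = False
        results[algo.decode()] = ok
    return results


def demo():
    """Sign once, then verify with a full DNS view and with an RSA-only one."""
    rsa_priv, rsa_txt = make_rsa_key()
    ed_priv, ed_txt = make_ed25519_key()
    rsa_name = b".".join([RSA_SELECTOR, b"_domainkey", DOMAIN]).decode()
    ed_name = b".".join([ED_SELECTOR, b"_domainkey", DOMAIN]).decode()
    signed = double_sign(MESSAGE, rsa_priv, ed_priv)
    both = verify_all(signed, make_dnsfunc({rsa_name: rsa_txt, ed_name: ed_txt}))
    # A receiver that cannot use the Ed25519 key (here it never gets the record)
    # still accepts the message on the strength of the RSA signature.
    rsa_only = verify_all(signed, make_dnsfunc({rsa_name: rsa_txt}))
    return both, rsa_only


if __name__ == "__main__":
    if not HAVE_DEPS:
        raise SystemExit("install dkimpy[ed25519] and cryptography first")
    print(demo())
    # -> ({'rsa-sha256': True, 'ed25519-sha256': True}, {'rsa-sha256': True, 'ed25519-sha256': False})
```

Two things worth noting when wiring this into a real rotation job: `dkim.verify()` (the module-level function) only checks the first signature, which is why the loop above goes through `DKIM.verify(idx=...)` for each one, and the verification order of the two DNS lookups is the only difference between the "both" and "rsa_only" runs, which is exactly the position of a receiver that has not yet learned `k=ed25519`.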

Danie de Jager (danie.dejager) said: #2

Thank you for your input in helping me better understand.

Danie de Jager (danie.dejager) said: #3

Thanks Scott Kitterman, that solved my question.