Gitweb:
https://git.exim.org/exim.git/commitdiff/27d0d9e6e002b2a9ea9a053e8163523592786ab5
Commit: 27d0d9e6e002b2a9ea9a053e8163523592786ab5
Parent: 05bf16f6217e93594929c8bbbbbc852caf3ed374
Author: Jeremy Harris <jgh146exb@???>
AuthorDate: Thu Feb 14 16:44:46 2019 +0000
Committer: Jeremy Harris <jgh146exb@???>
CommitDate: Thu Feb 14 16:44:46 2019 +0000
Docs: update DKIM standards info
---
doc/doc-docbook/spec.xfpt | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 0632ba2..d8cf6e7 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -39624,8 +39624,9 @@ Signers MUST use RSA keys of at least 1024 bits for all keys.
Signers SHOULD use RSA keys of at least 2048 bits.
.endd
-Support for EC keys is being developed under
-&url(
https://datatracker.ietf.org/doc/draft-ietf-dcrup-dkim-crypto/).
+.new
+EC keys for DKIM are defined by RFC 8463.
+.wen
They are considerably smaller than RSA keys for equivalent protection.
As they are a recent development, users should consider dual-signing
(by setting a list of selectors, and an expansion for this option)
@@ -39645,10 +39646,12 @@ openssl pkey -outform DER -pubout -in dkim_ed25519.private | tail -c +13 | base6
certtool --load_privkey=dkim_ed25519.private --pubkey_info --outder | tail -c +13 | base64
.endd
-Note that the format
-of Ed25519 keys in DNS has not yet been decided; this release supports
-both of the leading candidates at this time, a future release will
-probably drop support for whichever proposal loses.
+.new
+Exim also supports an alternate format
+of Ed25519 keys in DNS which was a candidate during development
+of the standard, but not adopted.
+A future release will probably drop that support.
+.wen
.option dkim_hash smtp string&!! sha256
Can be set to any one of the supported hash methods, which are:
