[exim] How to use DKIM with Ed25519 - Dual DKIM signing

Top Page
Delete this message
Reply to this message
Author: Odhiambo Washington
Date:  
To: exim users
Subject: [exim] How to use DKIM with Ed25519 - Dual DKIM signing
I was looking at this article How to use DKIM with Ed25519 - Mailhardener
knowledge base
<https://www.mailhardener.com/kb/how-to-use-dkim-with-ed25519>.
In the section where it discusses the "Transition period considerations" it
says, and I quote:

""
As with any new standard in email, it is expected that it will take some
time before Ed25519 validation
is a common feature in email validators (the receiving services). As such,
it is not recommended to
exclusively rely on Ed25519 for DKIM.
The signer (sending email service) should use a dual DKIM signature
approach where the email is
signed with both an Ed25519 signature, as well as an RSA signature for
backward compatibility.

This means that 2 DKIM DNS records must be created. One containing the
Ed25519 key, and one
with a fall-back RSA type key. The two DKIM DNS records must use a
different selector, as DKIM
does not allow multiple DKIM records to exist with the same selector.

""

Is anyone already doing this with Exim?



--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", egrep -v '^$|^.*#' :-)