
Re: just a test


On Sun, 17 Jul 2022 12:00:59 +0200
Alessandro Vesely <vesely@xxxxxxx> wrote:

> That's Courier-MTA's implementation of -allow.  It can also be used to
> mitigate SPF forwarding failures (allowok keyword).
> 
>  [...]  
> 
> 
> So your version of OpenDKIM handles ed25519.

Cool.

> >>     dkim=temperror header.d=tana.it header.i=@tana.it
> >> header.a=ed25519-sha256 header.s=epsilon header.b=RQWs9USb;
>
> That must have been a DNS error.  Why doesn't it say whether the key
> was secure or unprotected?

I guess so. I don't know; didn't find anything in the log that looked relevant.

> >>     dkim=neutral header.d=tana.it header.i=@tana.it
> >> header.a=rsa-sha256 header.s=delta header.b=Dfpy1mDS;
>
> There is no t=s in delta._domainkey.tana.it.  Since the verification
> failed it should've been temperror too.

OK, interesting. Where does t=s come into this?

> So there was no signing error.  Indeed my server verified all four
> signatures.
> 
> Does this message pass?

Yes!

Authentication-Results: celehner.com; dmarc=pass (p=none dis=none) header.from=tana.it
Authentication-Results: celehner.com; spf=pass smtp.mailfrom=dnswl.org
Authentication-Results: celehner.com;
	dkim=pass header.d=dnswl.org header.i=@dnswl.org header.a=ed25519-sha256 header.s=dnswl-ed25519-59hs header.b=iSainu3E;
	dkim=pass (2048-bit key; unprotected) header.d=dnswl.org header.i=@dnswl.org header.a=rsa-sha256 header.s=dnswl-rsa-wgJg header.b=HJ2cYT74;
	dkim=pass header.d=tana.it header.i=@tana.it header.a=ed25519-sha256 header.s=epsilon header.b=TVfPJ9Qn;
	dkim=neutral header.d=tana.it header.i=@tana.it header.a=rsa-sha256 header.s=delta header.b=BhlGeFWS;
	dkim-atps=neutral
...
ARC-Authentication-Results: i=1; mail.dnswl.org; arc=none smtp.remote-ip=62.94.243.226; dkim=pass (512-bit key; secure) header.d=tana.it header.i=@tana.it header.a=ed25519-sha256 header.s=epsilon header.b=RQWs9USb; dkim=pass (1152-bit key; secure) header.d=tana.it header.i=@tana.it header.a=rsa-sha256 header.s=delta header.b=Dfpy1mDS
...
Authentication-Results: mail.dnswl.org; arc=none smtp.remote-ip=62.94.243.226
Authentication-Results: mail.dnswl.org;
	dkim=pass (512-bit key; secure) header.d=tana.it header.i=@tana.it header.a=ed25519-sha256 header.s=epsilon header.b=TVfPJ9Qn;
	dkim=pass (1152-bit key; secure) header.d=tana.it header.i=@tana.it header.a=rsa-sha256 header.s=delta header.b=BhlGeFWS

> > imho tana.it have 512 bit key size, opendkim now have 1024 as
> > minimal key size, dnswl accept key size 512 :=)
> > 
> > what is the gold of ed25519 then ?
> > 
> > update tana.it to 2048 and i believe all bugs are gone  
> 
> 
> No, ed25519 only admits 256-bit keys.  That's the main reason why
> DKIM adopted it, after the difficulties of entering long keys in the
> DSN.

Hm. Looks like a mistake then that the result from DNSWL says 512-bit key for epsilon (ed25519-sha256)?

-- 
Regards,
Charles
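
The key-size question raised above can be checked mechanically. The following is an added example, not part of the original thread or of OpenDKIM: it parses an Authentication-Results value like the ones quoted in this message and flags dkim results whose reported key size does not fit the algorithm in header.a. The function names are hypothetical, and the 1024-bit RSA threshold is an assumption taken from the minimum mentioned in the thread.

```python
import re

# Header value copied from the results quoted in this thread (sample input).
SAMPLE = (
    "mail.dnswl.org;\n"
    "\tdkim=pass (512-bit key; secure) header.d=tana.it header.i=@tana.it"
    " header.a=ed25519-sha256 header.s=epsilon header.b=TVfPJ9Qn;\n"
    "\tdkim=pass (1152-bit key; secure) header.d=tana.it header.i=@tana.it"
    " header.a=rsa-sha256 header.s=delta header.b=BhlGeFWS"
)
MIN_RSA_BITS = 1024  # assumption: the OpenDKIM minimum mentioned in the thread

# Split on ';' only outside "(...)" comments such as "(512-bit key; secure)".
SPLIT = re.compile(r";(?![^()]*\))")
RESINFO = re.compile(r"([\w-]+)=(\w+)(?:\s*\(([^)]*)\))?(.*)", re.S)
KEYINFO = re.compile(r"(\d+)-bit key(?:;\s*(\w+))?")

def parse_authres(value):
    """Return (authserv_id, results) for one Authentication-Results value."""
    parts = [p.strip() for p in SPLIT.split(value) if p.strip()]
    results = []
    for part in parts[1:]:
        m = RESINFO.match(part)
        if not m:
            continue
        method, result, comment, props = m.groups()
        key = KEYINFO.search(comment or "")
        results.append({
            "method": method, "result": result,
            "bits": int(key.group(1)) if key else None,
            "dns": key.group(2) if key else None,  # as reported: "secure" / "unprotected"
            "props": dict(re.findall(r"([\w.-]+)=(\S+)", props)),
        })
    return parts[0], results

def key_size_findings(results):
    """Flag dkim results whose reported key size does not fit the algorithm."""
    findings = []
    for r in results:
        alg, bits, sel = r["props"].get("header.a", ""), r["bits"], r["props"].get("header.s")
        if r["method"] != "dkim" or bits is None:
            continue  # no key size was reported for this result
        if alg.startswith("ed25519") and bits != 256:
            findings.append((sel, f"{alg}: {bits}-bit reported, Ed25519 keys are 256-bit"))
        elif alg.startswith("rsa") and bits < MIN_RSA_BITS:
            findings.append((sel, f"{alg}: {bits}-bit is below {MIN_RSA_BITS}"))
    return findings

if __name__ == "__main__":
    server, results = parse_authres(SAMPLE)
    for selector, msg in key_size_findings(results):
        print(f"{server} selector={selector}: {msg}")
```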
