Hi Odhiambo, Dual DKIM signing is simply means signing a message with more than one DKIM key. The specification allows for this and it is pretty common. For example, ESPs typically double sign messages, one signature asso ciated with their own domain, and one associated with the sender’s (their client’s) domain.
Section 4 of the specification (RFC 6376<https://tools.ietf.org/html/rfc6376>) talks more about multiple signatures in case you want further reading. Ken. From: mailop <[email protected]> On Behalf Of Odhiambo Washington via mailop Sent: Thursday 15 April 2021 08:59 To: Stuart Henderson <[email protected]> Cc: Wolfgang Rosenauer <[email protected]>; [email protected] Subject: Re: [mailop] GMail DKIM support for ed25519-sha256 On Tue, Apr 13, 2021 at 6:44 PM Stuart Henderson via mailop <[email protected]<mailto:[email protected]>> wrote: On 2021/04/13 11:11, Wolfgang Rosenauer via mailop wrote: > Hi, > > I'm seeing issues with GMail not recognizing a valid DKIM signature. > > Message is correctly signed like: > DKIM-Signature: v=1; a=ed25519-sha256; > > GMail reports > dkim=neutral (no key) > > while most DKIM validators (incl. dmarcian) are totally fine with the > provided key. > The only reason I could imagine is the key/hash format but I haven't seen > any official documentation from GMail if ed25519-sha256 is supported or not. > > Any ideas or recommendations? I don't know specifically about gmail, but generally support for ed25519 in DKIM is still a bit lacking, I think the advice for this is still to dual-sign. How does dual-signing work? Sorry to sound so ignorant, but I am only hearing about dual-signing for the first time. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft.", grep ^[^#] :-)
_______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
