On Thu, Apr 15, 2021 at 12:50 PM Stuart Henderson <[email protected]> wrote:
> On 2021/04/15 10:58, Odhiambo Washington via mailop wrote: > > > > On Tue, Apr 13, 2021 at 6:44 PM Stuart Henderson via mailop < > > [email protected]> wrote: > > > > I don't know specifically about gmail, but generally support for > > ed25519 > > in DKIM is still a bit lacking, I think the advice for this is > > still to > > dual-sign. > > > > > > How does dual-signing work? Sorry to sound so ignorant, but I am only > > hearing about dual-signing for the first time. > > Just like it sounds, add two DKIM headers, one signed using RSA, one using > ed25519. Different selector (s=), same domain/identity (d=/i=). > > It's easy using rspamd for signing, example in the documentation. > For opendkim it seems like you need to use lua scripting to achieve this > (there's https://github.com/trusteddomainproject/OpenDKIM/issues/6 with > a request for a built-in way to do this, issue is open since 2018). > > Hello Stuart and Ken, Thank you both for the responses. My mind was stuck at that point where I was wondering how to have two sets of keys, publishing the public ones, but Stuart's response has addressed it - "different selector". This was the missing clue. Now I just need to think about how I can test this within Exim. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft.", grep ^[^#] :-)
_______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
