On Tue, Mar 18, 2025 at 01:49:56PM +0100, Dan Malm via mailop wrote:
> On 2025-03-17 15:02, Viktor Dukhovni via mailop wrote:
> > Any chance you can share a few of the domain names? Have you tried
> > resolving the <selector>._domainkey.<domain> TXT RRset via DNSviz or,
> > perhaps better, RIPE Atlas?
>
> https://dnsviz.net/d/ed1._domainkey.sisyfos.one/dnssec/
> https://dnsviz.net/d/rsa1._domainkey.sisyfos.one/dnssec/
> https://dnsviz.net/d/ed2._domainkey.guanabana.productions/dnssec/
> https://dnsviz.net/d/rsa2._domainkey.guanabana.productions/dnssec/
I take it that these domains sign with both Ed25519 and RSA. If so,
perhaps the recent reports here that Microsoft have acknowledged
problems with validating messages which are dual signed, with one of
algorithms not yet supported. IIRC, there are reports of a fix being
rolled out?
--
Viktor.
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
