Suggestion: Add Ed25519 DKIM signature to emails #8390
Unanswered
myfirstnameispaul asked this question in General
Replies: 0 comments
I'm not sure where else to post this, but currently GitHub emails are signed using a 1024-bit RSA DKIM key.
This is usually done for compatibility reasons to keep the DNS record length not more than 255 octets.
RFC8463 updates the DKIM standard to support Ed25519 keys, allowing for stronger and shorter DNS records.
RFC6376 permits signing with multiple keys. Currently, few receiving servers are configured to support Ed25519 despite the RFC stating it MUST be supported, but this is typical for a transitional period, as seen with the transition to 2048-bit RSA.
Signing with Ed25519 adds very little to resource consumption, likely less per message than 1024-bit, thus only marginally increases the computational cost of message signing.
I would like to suggest that GitHub sign emails using both 1024-bit RSA and Ed25519 keys.
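The record-size argument in the post above, as an added example that is not part of the original post or GitHub's configuration: it builds DKIM key records for 1024-bit RSA, 2048-bit RSA and Ed25519 (RFC 8463 publishes the raw 32-byte key) and counts how many 255-octet TXT character-strings each one needs. The key bytes are constructed placeholders of the correct length, and the public exponent 65537 is an assumption.

```python
import base64

# AlgorithmIdentifier: rsaEncryption OID (1.2.840.113549.1.1.1) + NULL parameters
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")

def tlv(tag, content):
    """DER tag-length-value with definite length encoding."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        body = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(body)]) + body
    return bytes([tag]) + length + content

def der_uint(value):
    # One extra leading byte when the top bit is set, so the INTEGER stays positive.
    return tlv(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def rsa_spki(bits, e=65537):
    """SubjectPublicKeyInfo for a placeholder modulus of `bits` bits (not a real key)."""
    n = (1 << (bits - 1)) | 1  # constructed value: correct length only
    rsa_pub = tlv(0x30, der_uint(n) + der_uint(e))
    return tlv(0x30, RSA_ALG_ID + tlv(0x03, b"\x00" + rsa_pub))

def dkim_record(k, key_bytes):
    """DKIM key record as published in DNS: version, key type, base64 key."""
    return f"v=DKIM1; k={k}; p={base64.b64encode(key_bytes).decode()}"

def txt_strings(record, limit=255):
    """Split a record into DNS TXT character-strings of at most 255 octets each."""
    data = record.encode("ascii")
    return [data[i:i + limit] for i in range(0, len(data), limit)]

def compare():
    records = {
        "rsa1024": dkim_record("rsa", rsa_spki(1024)),
        "rsa2048": dkim_record("rsa", rsa_spki(2048)),
        "ed25519": dkim_record("ed25519", bytes(32)),  # placeholder raw 32-byte key
    }
    return {name: (len(rec), len(txt_strings(rec))) for name, rec in records.items()}

if __name__ == "__main__":
    for name, (octets, strings) in compare().items():
        print(f"{name:8} {octets:4} octets, {strings} TXT character-string(s)")
```

Only the 2048-bit RSA record exceeds a single character-string and has to be published as two strings that the verifier concatenates.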