Suggestion: Add Ed25519 DKIM signature to emails #22384
-
I’m not sure where else to post this, but currently GitHub emails are signed using a 1024-bit RSA DKIM key. This is usually done for compatibility reasons to keep the DNS record length under 255 characters. RFC8463 updates the DKIM standard to support Ed25519 keys, allowing for stronger and shorter DNS records. RFC6376 permits signing with multiple keys. Currently, few receiving servers are configured to support Ed25519 despite the RFC stating it MUST be supported, but this is typical for a transitional period, as seen with the transition to 2048-bit RSA. Signing with Ed25519 adds very little to resource consumption, likely less per message than 1024-bit, thus only marginally increases the computational cost of message signing. I would like to suggest that GitHub sign emails using both 1024-bit RSA and Ed25519 keys. |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
I created a new discussion in the GitHub Feedback page:
Suggestion: Add Ed25519 DKIM signature to emails · Discussion #8390 ·...I'm not sure where else to post this, but currently GitHub emails are signed using a 1024-bit RSA DKIM key. This is usually done for compatibility reasons to keep the DNS record length under 25... |
Beta Was this translation helpful? Give feedback.
I created a new discussion in the GitHub Feedback page:
Suggestion: Add Ed25519 DKIM signature to emails · Discussion #8390 ·...
I'm not sure where else to post this, but currently GitHub emails are signed using a 1024-bit RSA DKIM key. This is usually done for compatibility reasons to keep the DNS record length under 25...