mirror of
https://github.com/mjl-/mox.git
synced 2025-06-28 02:28:15 +03:00

We'll need RSA DKIM keys for a long time to come because many systems don't support ed25519 DKIM signatures. We've been adding both types of keys when adding a new domain, and adding both DKIM signatures to outgoing messages. This works fine in practice: other mail servers correctly ignore the ed25519 signature if they don't understand it. Unfortunately, it causes noise in DMARC reports: systems will warn that a DKIM check failed, sometimes with a vague message about a missing key or a 0-bit key. Sometimes they leave the selector out of the report, making it hard to understand what's going on. This causes postmasters to investigate because they think something is wrong, only to eventually find out it's all fine. So we're causing needless chores for postmasters.

By having only an RSA DKIM signature, we skip that noise. This also reduces the number of DNS records postmasters have to add for a domain. The small ed25519 DKIM DNS TXT records would make them preferable over the long multi-string RSA DKIM DNS TXT records (which are often hard to add correctly through DNS operator web interfaces), but as mentioned, we'll have to add the RSA DKIM keys anyway. Another reason why RSA keys _may_ be preferable over ed25519 keys is that with RSA, signing is more computationally expensive than verifying, while it's the other way around for ed25519 keys.

Admins can always add an ed25519 DKIM key to their domain. And we can always switch back to adding them to new domains by default in the future.

For issue #299.
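The commit message contrasts the short ed25519 DKIM TXT record with the long, multi-string RSA one. The Go program below is an added example written for this page, not mox's own code: it generates one key of each type, builds the DKIM DNS record value for each (RFC 6376 puts the base64 of the DER SubjectPublicKeyInfo in p= for RSA; RFC 8463 puts the base64 of the raw 32-byte public key in p= for ed25519), and splits the value into the 255-byte character-strings DNS requires, which is the part that DNS operator web forms tend to mangle. The selector names and the domain example.com are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/base64"
	"fmt"
	"strings"
)

// dkimRSARecord builds the TXT record value for an RSA DKIM key. RFC 6376
// puts the base64 of the DER-encoded SubjectPublicKeyInfo in p=.
func dkimRSARecord(pub *rsa.PublicKey) (string, error) {
	der, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		return "", err
	}
	return "v=DKIM1; k=rsa; p=" + base64.StdEncoding.EncodeToString(der), nil
}

// dkimEd25519Record builds the TXT record value for an ed25519 DKIM key.
// RFC 8463 puts the base64 of the raw 32-byte public key in p=, not SPKI.
func dkimEd25519Record(pub ed25519.PublicKey) string {
	return "v=DKIM1; k=ed25519; p=" + base64.StdEncoding.EncodeToString(pub)
}

// splitTXT cuts a TXT value into the character-strings of at most 255 bytes
// that the DNS wire format requires (RFC 1035). Resolvers concatenate them
// back together; a DNS operator's web form often has to be fed each piece
// separately, which is where long RSA records get entered incorrectly.
func splitTXT(v string) []string {
	var parts []string
	for len(v) > 255 {
		parts = append(parts, v[:255])
		v = v[255:]
	}
	return append(parts, v)
}

// zoneLine renders a DKIM record as a zone-file line, quoting each
// character-string separately.
func zoneLine(selector, domain string, parts []string) string {
	quoted := make([]string, len(parts))
	for i, p := range parts {
		quoted[i] = `"` + p + `"`
	}
	return fmt.Sprintf("%s._domainkey.%s. IN TXT %s", selector, domain, strings.Join(quoted, " "))
}

func main() {
	// Hypothetical domain and selectors, chosen for this example.
	const domain = "example.com"

	rsaKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	rsaRec, err := dkimRSARecord(&rsaKey.PublicKey)
	if err != nil {
		panic(err)
	}
	edPub, _, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	edRec := dkimEd25519Record(edPub)

	rsaParts := splitTXT(rsaRec)
	edParts := splitTXT(edRec)
	fmt.Printf("rsa record: %d bytes, %d character-strings\n", len(rsaRec), len(rsaParts))
	fmt.Println(zoneLine("rsa2025", domain, rsaParts))
	fmt.Printf("ed25519 record: %d bytes, %d character-string\n", len(edRec), len(edParts))
	fmt.Println(zoneLine("ed25519", domain, edParts))
}
```

For a 2048-bit RSA key the record value is 410 bytes and has to be entered as two quoted strings; the ed25519 record is 66 bytes and fits in one. That size difference is the whole argument for ed25519 records being easier to add, and the commit message's point is that it does not help while the RSA record must be published anyway.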