diff options
author | Jeremy Harris <jgh146exb@wizmail.org> | 2019-02-14 16:44:46 +0000 |
---|---|---|
committer | Jeremy Harris <jgh146exb@wizmail.org> | 2019-02-16 14:50:22 +0000 |
commit | 13912bf2bc166b324a73b4b5089defa5bb698ae6 (patch) | |
tree | b7025a927e8bd89c52bbbb8023b0d9cd33ef4a2c | |
parent | 1cfa7822ca8928f95160df8742af11fff888ae7e (diff) | |
download | exim4-13912bf2bc166b324a73b4b5089defa5bb698ae6.tar.gz |
Docs: update DKIM standards info
(cherry picked from commit 27d0d9e6e002b2a9ea9a053e8163523592786ab5)
-rw-r--r-- | doc/doc-docbook/spec.xfpt | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 20b08f693..112c1efa2 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -39435,8 +39435,9 @@ Signers MUST use RSA keys of at least 1024 bits for all keys. Signers SHOULD use RSA keys of at least 2048 bits. .endd -Support for EC keys is being developed under -&url(https://datatracker.ietf.org/doc/draft-ietf-dcrup-dkim-crypto/). +.new +EC keys for DKIM are defined by RFC 8463. +.wen They are considerably smaller than RSA keys for equivalent protection. As they are a recent development, users should consider dual-signing (by setting a list of selectors, and an expansion for this option) @@ -39456,10 +39457,12 @@ openssl pkey -outform DER -pubout -in dkim_ed25519.private | tail -c +13 | base6 certtool --load_privkey=dkim_ed25519.private --pubkey_info --outder | tail -c +13 | base64 .endd -Note that the format -of Ed25519 keys in DNS has not yet been decided; this release supports -both of the leading candidates at this time, a future release will -probably drop support for whichever proposal loses. +.new +Exim also supports an alternate format +of Ed25519 keys in DNS which was a candidate during development +of the standard, but not adopted. +A future release will probably drop that support. +.wen .option dkim_hash smtp string&!! sha256 Can be set to any one of the supported hash methods, which are: |