aither/simple-nixos-mailserver
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Warn about ED25519 DKIM usage

Browse Source 
There currently seems to be mixed support out there and we need to
support dual-signing first before we can recommend rolling out ED25519
DKIM keys.
This commit is contained in:
Martin Weinelt
2025-12-01 23:12:18 +01:00
parent 76bd7a85e7
commit 7d359e3ff5
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
default.nix
+5
View File
@@ -999,6 +999,11 @@ in
description = ''
The key type used for generating DKIM keys. ED25519 was introduced in RFC6376 (2018).
:::{warning}
ED25519 DKIM keys are currently not recommended for primary use, as
various DKIM validators out there lack support and consider the keypair invalid.
:::
If you have already deployed a key with a different type than specified
here, then you should use a different selector ({option}`mailserver.dkimSelector`). In order to get
this package to generate a key with the new type, you will either have to