DKIM Signing Algorithm AdaEd25519-SHA256

Introduction Ed25519-SHA256, which defines a DKIM key type for Ed25519, became standardized in 2018, but has not gained much traction in the six years since its introduction. A survey of DKIM implementations revealed necessity for error prone extra code paths to implement it with existing APIs. In addition the DKIM algorithm of how "Computing the Message Hashes" for IMF messages causes Ed25519-SHA256 to create a 64-byte SHA-256 "data-hash" input for Ed25519, which is then "prehashed" with the stronger SHA-512 that expands to 128 bytes. AdaEd25519-SHA256 bases upon DKIM Hash Algorithm Adaptivity that takes advantage of algorithm progress and digital signature API reality.

AdaEd25519-SHA256 AdaEd25519-SHA256 is identical to Ed25519-SHA256 except that it uses DKIM Hash Algorithm Adaptivity: the DKIM (section 3.7) "hash-alg" SHA-256 is only used to produce the "body-hash", and "sig-alg" is fed in all the input used to create the "data-hash". Private and public keys are identical, and can be used interchangeably.

INFORMATIVE NOTE: Even though defined ASN.1 Object Identifiers (OIDs) for Ed25519, it was considered more important to keep compatibility with actively used Ed25519-SHA256 keys, than to support ASN.1 standard means of inspecting key data blobs.

Syntax The "sig-a-tag-k" ABNF definition of DKIM (section 3.5), as well as the "key-k-tag-type" ABNF definition of DKIM (section 3.6.1) are both extended by an entry "adaed25519".

IANA Considerations This memo requests adding the new key type "adaed25519" to the "DKIM Key Type" registry.

Security Considerations This specification should reduce implementation burden and complexity, aids hash hardening of affected algorithms to a certain extend, and potentially increases, dependent upon algorithm, data volume and API optimization efforts, processing performance.