From: Kirill A. Korinsky <kirill@korins.ky>
Subject: Re: patch dkimproxy: use rsa-sha256 in sample signing config
To: Matthieu Herrb <matthieu@openbsd.org>
Cc: ports@openbsd.org, florian@openbsd.org
Date: Fri, 10 May 2024 10:19:22 +0100

On Fri, 10 May 2024 06:57:20 +0100,
Matthieu Herrb <matthieu@openbsd.org> wrote:
> 
> https://www.rfc-editor.org/rfc/rfc6376#section-3.3 says that
> rsa-sha256 SHOULD be used. Unfortunately Mail::DKIM::Signer uses
> rsa-sha1 by default when no algorithm is specified.
> 
> Update the dkimproxy.out sample config...
> 
> Make aboutmy.email (and other checkers) happier, and hopefully fewer
> rejects by hotmail/google and co...
> 
> comments? ok?
>

I'd like to point out that using anything other than RSA with SHA256 leads to
issues. The cause is OpenDKIM, which is widely used. It had a well-known issue
with ed25519 [1] which will probably be fixed in the next release.

Anyway, the last release happened in 2015 and this project seems to be
not that alive, so there is no hope that it will be released and distributed soon.

My point: let's add a reference to this issue and suggest using only RSA/SHA256.

Footnotes:
[1]  https://github.com/trusteddomainproject/OpenDKIM/issues/6

-- 
wbr, Kirill
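
A way to check which algorithm outgoing mail is actually signed with, as an added example that is not part of the original message or of dkimproxy. It parses the `a=` tag of each DKIM-Signature header and flags anything other than rsa-sha256; the sample message, domains, selectors and the `ACCEPTED` set are assumptions made for illustration.

```python
import email
import re

# Assumption for this example: only rsa-sha256 counts as acceptable,
# following the suggestion in the message above.
ACCEPTED = {"rsa-sha256"}

def parse_tag_list(value):
    """Parse an RFC 6376 section 3.2 tag-list (tag=value; ...) into a dict."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", value)  # undo header folding
    tags = {}
    for part in unfolded.split(";"):
        name, sep, val = part.partition("=")  # base64 '=' padding stays in val
        name = name.strip()
        if not sep or not name:
            continue  # trailing ';' or malformed element
        if name in tags:
            raise ValueError(f"duplicate tag {name!r}")
        tags[name] = val.strip()
    return tags

def audit_signatures(raw_message):
    """Return (d=, s=, a=, acceptable) for each DKIM-Signature header."""
    msg = email.message_from_string(raw_message)
    report = []
    for header in msg.get_all("DKIM-Signature", []):
        tags = parse_tag_list(header)
        algo = tags.get("a", "")  # a= is required; empty means malformed
        report.append((tags.get("d"), tags.get("s"), algo, algo in ACCEPTED))
    return report

# Constructed sample message; domains, selectors and base64 values are made up.
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.org;\n"
    "\ts=rsa2024; h=from:to:subject; bh=Zm9v; b=YmFy\n"
    "DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=example.org;\n"
    "\ts=ed2024; h=from:to:subject; bh=Zm9v; b=YmF6\n"
    "DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=example.net; s=old;\n"
    "\th=from:to; bh=Zm9v; b=cXV4\n"
    "From: a@example.org\nTo: b@example.net\nSubject: test\n\nbody\n"
)

if __name__ == "__main__":
    for domain, selector, algo, ok in audit_signatures(SAMPLE):
        print(f"{selector}._domainkey.{domain}: a={algo or '?'} "
              f"{'ok' if ok else 'FLAG'}")
```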