fastmail / authentication_milter

Email Authentication by SPF/DKIM/DMARC etc.

verification fails for rfc8463-mandate ed25519-signed dkim keys: "unsupported algorithm ed25519-sha256" #123

Open pgnd opened 2 years ago

pgnd commented 2 years ago

I'm using authentication_milter, and have/test @ fastmail.

I'm dual-signing my outbound, with both -rsa & -ed25519 dkim keys

rfc

A New Cryptographic Signature Method for DomainKeys Identified Mail (DKIM)
https://datatracker.ietf.org/doc/html/rfc8463

states

https://datatracker.ietf.org/doc/html/rfc8463#section-5

that

  5. Choice and Strength of Keys and Algorithms

     Section 3.3 of [RFC6376] describes DKIM's hash and signature
     algorithms. It is updated as follows:

     Signers SHOULD implement and verifiers MUST implement the Ed25519-SHA256 algorithm.
                                            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

testing @ fastmail, my rec'd mail headers report,

Authentication-Results: mx6.messagingengine.com;
    dkim=invalid (unsupported algorithm ed25519-sha256, 0-bit key)

I'm working on an issue, with more detail, here,

https://bugs.launchpad.net/dkimpy-milter/+bug/1901569/comments/6

not 100% clear yet where the problem lies ...

assuming that I'm reading the rfc correctly, DOES authentication_milter currently/correctly support Ed25519-SHA256 algorithm dkim verification?
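A triage helper for the header quoted above, added here as an example; it is not part of the original thread or of authentication_milter. It parses an Authentication-Results header and separates "the verifier does not support this algorithm" from a real DKIM failure on dual-signed mail. The second sample header (its `header.d`/`header.s` values and the RSA result) and the verdict labels are constructed for illustration.

```python
import re

# Header as quoted in the issue (single Ed25519 result).
ISSUE_HEADER = """Authentication-Results: mx6.messagingengine.com;
    dkim=invalid (unsupported algorithm ed25519-sha256, 0-bit key)"""
# Constructed sample: the same result plus a second, passing RSA result.
DUAL_HEADER = ISSUE_HEADER + """ header.d=example.org header.s=ed;
    dkim=pass (constructed comment) header.d=example.org header.s=rsa"""

RESINFO = re.compile(r"([\w-]+)\s*=\s*(\w+)\s*(?:\(([^)]*)\))?")
PROP = re.compile(r"(\w+\.[\w-]+)\s*=\s*(\S+)")
UNSUPPORTED = re.compile(r"unsupported algorithm\s+([\w-]+)", re.I)

def split_outside_parens(text, sep=";"):
    """Split on sep, ignoring separators inside (comments)."""
    parts, cur, depth = [], "", 0
    for ch in text:
        if ch == "(":
            depth += 1
        elif ch == ")" and depth:
            depth -= 1
        if ch == sep and depth == 0:
            parts.append(cur.strip())
            cur = ""
        else:
            cur += ch
    return [p for p in parts + [cur.strip()] if p]

def parse_authres(header):
    """Return (authserv_id, results) for one Authentication-Results header."""
    body = re.sub(r"\r?\n[ \t]+", " ", header).split(":", 1)[1]  # unfold
    authserv, *resinfos = split_outside_parens(body)
    results = []
    for item in resinfos:
        m = RESINFO.match(item)
        if m:
            method, result, comment = m.groups()
            results.append({"method": method, "result": result,
                            "comment": comment or "",
                            "props": dict(PROP.findall(item[m.end():]))})
    return authserv, results

def dkim_summary(header):
    """Return (verdict, algorithms the verifier reported as unsupported)."""
    dkim = [r for r in parse_authres(header)[1] if r["method"] == "dkim"]
    unsupported = [m.group(1) for r in dkim if r["result"] != "pass"
                   and (m := UNSUPPORTED.search(r["comment"]))]
    if any(r["result"] == "pass" for r in dkim):
        verdict = "pass"                  # one valid signature is enough
    elif dkim and len(unsupported) == len(dkim):
        verdict = "verifier-unsupported"  # hypothetical label: nothing was checked
    else:
        verdict = "fail" if dkim else "none"
    return verdict, unsupported
```

A non-empty second element alongside a `pass` verdict means the mail authenticated only through its RSA signature at that receiver.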

marcbradshaw commented 2 years ago

ed25519 support needs to be added to Mail::DKIM first, it's on the to do list, but there are many things above it.

pgnd commented 2 years ago

> needs to be added

for ref here, tracking at

https://github.com/fastmail/mail-dkim/issues/9

aral commented 2 years ago

Any updates on this? Would be nice to see Fastmail leading on this.