From c77f03fa749cee87e7d083b29d6434dee49c4471 Mon Sep 17 00:00:00 2001 From: Scott Kitterman Date: Wed, 7 Feb 2018 01:06:50 -0500 Subject: [PATCH] Update README and Changelog for release. --- ChangeLog | 10 +++++----- README | 9 +++++++++ 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 69f0fcd..6b26243 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,14 +1,14 @@ -UNRELEASED Version 0.7.0 - - Initial ed25519 implementation based on draft-ietf-dcrup-dkim-crypto-08 - experimental - IETF draft, design not finalized +2018-02-07 Version 0.7.0 + - Initial ed25519 implementation based on draft-ietf-dcrup-dkim-crypto + experimental - IETF draft, design not finalized, See README for details - Port dkimsign.py to use argparse; now gives standard usage message and is more extensible - Add command line options to dkimsign.py to select header and body canonicalization algorithmns (LP: #1272724) - Add command line option to dkimsign.py to select signing algorithm - For dknewkey.py make default to include h=sha256 in the DNS record to - exclude usage with sha1. Can be overriden. - - Update ARC processing to current draft. + exclude usage with sha1. Can be overriden + - Update ARC processing to current draft - Fix arcverify tag requirements (LP: #1710312) - Fix empty body canonicalization for relaxed canonicalization (LP: #1727319) * Thanks to Matthew Palmer for the report and the proposed fix diff --git a/README b/README index 64e651e..f388a3b 100644 --- a/README +++ b/README @@ -94,6 +94,15 @@ verifying rsa-sha1 signatures. There are still some significant users of rsa-sha1 signatures, so operationally it's premature to disable verification of rsa-sha1. +As of version 0.7, experimental signing and verifying of DKIM Ed25519 +signatures is supported as described in draft-ietf-dcrup-dkim-crypto: + +https://datatracker.ietf.org/doc/draft-ietf-dcrup-dkim-crypto/ + +The dkimpy 0.7 implementation matches the -08 revision of the draft, except it +uses Ed25519 vice Ed25519ph (a change to Ed25519 is planned for -09, but that +had not been published yet as of the release of dkimpy 0.7). + Three helper programs are also supplied: dknewkey.py, dkimsign.py and dkimverify.py.