Am 16.12.18 um 12:13 schrieb Michael A. Peters:
Hi, for those who have adopted ECDSA,
Are there still any commonly used IMAPS/POP3S clients that still can not handle ECDSA certificates?
I know you can set up Dovecot dor dual cert, I am just trying to determine if there still is a real world need to.
Nearly every client can handle ECDSA, but it depends on the size of the certificate. I used years ago ECDSA-384bit certificates, which covered most of the clients. It came to the point to disable RSA in that time, but than came Android7.0. This Version can only handle ECDSA-256bit certificates or RSA.
The coverage of Android7.0 is still over 20%. Google reacted fast and repaired this bug in 7.1, which is still not coming to most of the phones.
Cheers Torsten