Curve25519/Ed25519 ?
On my new Dovecot 2.4.2 IMAP server, which when completed will be accessible only via SSL, I plan to use Curve25519/Ed25519 self-signed-cert/private-key. Is there any reason this would be a mistake?
Thanks,
SteveT
Steve Litt http://444domains.com
On 2026/03/08 03:19, Steve Litt via dovecot wrote:
> On my new Dovecot 2.4.2 IMAP server, which when completed will be accessible only via SSL, I plan to use Curve25519/Ed25519 self-signed-cert/private-key. Is there any reason this would be a mistake?
Who will be "talking to" your Dovecot server?
From a crypto point of view, curve25519/ed25519 is fine, of course.
The "self-signed" part of your certificate means that clients that want to connect to your IMAP server will have to manually accept your certificate.
Do you control all the IMAP clients, so that this can be managed?
I hope this helps.
Edmund
-- Edmund Lodewijks <edmund@proteamail.com> TZ: UCT+2 / GMT+2
Edmund Lodewijks via dovecot said on Sun, 8 Mar 2026 12:24:57 +0200
> On 2026/03/08 03:19, Steve Litt via dovecot wrote:
>> On my new Dovecot 2.4.2 IMAP server, which when completed will be accessible only via SSL, I plan to use Curve25519/Ed25519 self-signed-cert/private-key. Is there any reason this would be a mistake?
> Who will be "talking to" your Dovecot server?
The plan is only I will be talking to it. Maybe from the same physical computer, and maybe over a network or the Internet.
> From a crypto point of view, curve25519/ed25519 is fine, of course.
> The "self-signed" part of your certificate means that clients that want to connect to your IMAP server will have to manually accept your certificate.
> Do you control all the IMAP clients, so that this can be managed?
Yes. I'll be using Claws-Mail, Evolution or Mutt, and I personally will be at the keyboard.
Thanks,
SteveT
Steve Litt
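
Added example (not part of the thread and not from either poster): one way to create the Ed25519 self-signed certificate discussed above and to record its SHA-256 fingerprint, so that the "manually accept" prompt in the mail client can be checked against a known value instead of accepted blindly. It assumes OpenSSL 1.1.1 or later; the hostname `imap.example.test`, the file names and the function names are constructed placeholders.

```shell
#!/bin/sh
# Added example: hostname, file names and function names are placeholders.

# make_ed25519_cert DIR HOSTNAME [DAYS]
# Writes DIR/imap.key and DIR/imap.crt: an Ed25519 key and a self-signed
# certificate whose subjectAltName carries HOSTNAME.
make_ed25519_cert() {
    dir=$1 host=$2 days=${3:-365}
    ( umask 077   # the private key must not be group/world readable
      openssl req -x509 -newkey ed25519 -nodes -days "$days" \
          -subj "/CN=$host" -addext "subjectAltName=DNS:$host" \
          -keyout "$dir/imap.key" -out "$dir/imap.crt" 2>/dev/null )
}

# cert_sha256 FILE: print the certificate's SHA-256 fingerprint (AA:BB:...).
cert_sha256() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# cert_key_alg FILE: print the public key algorithm named in the certificate.
cert_key_alg() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Public Key Algorithm: *//p'
}

# remote_sha256 HOST: fingerprint of the certificate an IMAPS server on
# port 993 actually presents (needs network access to HOST).
remote_sha256() {
    openssl s_client -connect "$1:993" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 | cut -d= -f2
}

# verify_pin FILE EXPECTED: succeed only if FILE's fingerprint equals the
# value recorded when the certificate was created.
verify_pin() {
    [ "$(cert_sha256 "$1")" = "$2" ]
}
```

Record the output of `cert_sha256` on the server when the certificate is created, then compare it with the fingerprint the mail client displays (or with `remote_sha256`) before accepting the certificate.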