ECDSA client question

Tributh dovecot-user at tributh.net
Sun Dec 16 17:52:47 EET 2018



Am 16.12.18 um 12:13 schrieb Michael A. Peters:
> Hi, for those who have adopted ECDSA,
> 
> Are there still any commonly used IMAPS/POP3S clients that still can not
> handle ECDSA certificates?
> 
> I know you can set up Dovecot dor dual cert, I am just trying to
> determine if there still is a real world need to.

Nearly every client can handle ECDSA, but it depends on the size of the
certificate.
I used years ago ECDSA-384bit certificates, which covered most of the
clients. It came to the point to disable RSA in that time, but than came
Android7.0. This Version can only handle ECDSA-256bit certificates or RSA.

The coverage of Android7.0 is still over 20%. Google reacted fast and
repaired this bug in 7.1, which is still not coming to most of the phones.

Cheers
Torsten


More information about the dovecot mailing list