David Shaw wrote:
Here is some revised suggested DSA2 language, taking Hal's comments
into account and adding some extra polish. While I agree with his
suggestion to reorganize the signature sections, I'm reluctant to get
into that in this mail as I think that getting general consensus on
DSA2 language would be easier if the two weren't combined. I'd be
happy to take it up separately though.
Section 5.2.2 (Version 3 Signature Packet Format) says:
DSA signatures MUST use hashes with a size of 160 bits, to match q,
the size of the group generated by the DSA key's generator value.
The hash function result is treated as a 160 bit number and used
directly in the DSA signature algorithm.
DSA signatures MUST use hashes that are equal to or larger than
language nit: "equal in size to"
the size of q, the group generated by the DSA key's generator
value. If the chosen hash is larger than the size of q, the hash
result is truncated to fit by taking a number of leftmost bits
equal to the number of bits in q. This (possibly truncated) hash
function result is treated as a number and used directly in the
DSA signature algorithm.
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff