"Turner, Sean P." <turners(_at_)ieca(_dot_)com> writes:
A receiving agent needs to be able to verify signatures whose key length is
chosen by the signer. For interoperability, a receiving agent MUST be able to
verify signatures whose key length is 1024 bits or shorter.
Receiving agents are only required to validate signatures that are the same
length as sending agents are required to produce, namely 1024 bits.
Aren't these mutually exclusive?
(The "or shorter" attached to the "1024" is also going to prove problematic
with FIPS-evaluated crypto implementations, since you can't do < 1024 bits for