At 6:16 AM +1200 5/3/08, Peter Gutmann wrote:
"Turner, Sean P." <turners(_at_)ieca(_dot_)com> writes:
A receiving agent needs to be able to verify signatures whose key length is
chosen by the signer. For interoperability, a receiving agent MUST be able to
verify signatures whose key length is 1024 bits or shorter.
Receiving agents are only required to validate signatures that are the same
length as sending agents are required to produce, namely 1024 bits.
Aren't these mutually exclusive?
Yes; that's why they are in separate sections.
(The "or shorter" attached to the "1024" is also going to prove problematic
with FIPS-evaluated crypto implementations, since you can't do < 1024 bits for
That's just plain wrong. Nothing in the FIPS evaluation says that you
cannot verify signatures shorter than what they require.