(The "or shorter" attached to the "1024" is also going to prove
with FIPS-evaluated crypto implementations, since you can't do < 1024
That's just plain wrong. Nothing in the FIPS evaluation says that you
cannot verify signatures shorter than what they require.
I'm not sure that's accurate. A FIPS security policy is fairly clear about
exactly what keys and key sizes you can use in FIPS mode, and I'm fairly sure
that this stops you from using smaller keys in FIPS mode, even to verify a