On Mon, Mar 27, 2006 at 10:01:20AM -0500, David Shaw wrote:
It is not the place of a data format standard to hold people's hands
to that extent. We (correctly) don't tell people to reject signatures
from a 512-bit RSA key. That's not our job in the standard. If an
*implementation* wants to do that, that's just fine, but it does not
need permission from the standard to do it.
I agree with David here. The standard's purpose is to ensure
interoperability. It should tell us the sematics behind sequences of bytes.
It is up to the implementation to make decisions based on these semantics.
Valid reasons to exclude certain combinations from the standard include
ambiguity of interpretation, inherent insecurity or a wide installed base of
incompatible implementations, but not the possibility of weird uses, IMHO.
Regards,
--
Daniel