ietf-smime

RE: S/MIME v3.2 IDs key size text

2008-05-02 15:32:42

(The "or shorter" attached to the "1024" is also going to prove problematic
with FIPS-evaluated crypto implementations, since you can't do < 1024 bits for
those).

That's just plain wrong. Nothing in the FIPS evaluation says that you
cannot verify signatures shorter than what they require.

I'm not sure that's accurate. A FIPS security policy is fairly clear about 
exactly what keys and key sizes you can use in FIPS mode, and I'm fairly sure 
that this stops you from using smaller keys in FIPS mode, even to verify a 
signature.