At 3:17 PM -0700 5/2/08, Luther Martin wrote:
> >(The "or shorter" attached to the "1024" is also going to prove
problematic
>with FIPS-evaluated crypto implementations, since you can't do < 1024
bits for
>those).
That's just plain wrong. Nothing in the FIPS evaluation says that you
cannot verify signatures shorter than what they require.
I'm not sure that's accurate. A FIPS security policy is fairly clear
about exactly what keys and key sizes you can use in FIPS mode, and
I'm fairly sure that this stops you from using smaller keys in FIPS
mode, even to verify a signature.
That's quite different than what I said. In FIPS mode, you may need
to only validate FIPS-mandated signatures (there is even some
disagreement about this). However, a FIPS-evaluated system can also
validate non-FIPS-mandated signatures, just not in FIPS mode (maybe).