ietf-smime

RE: S/MIME v3.2 IDs key size text

2008-05-02 22:25:10

Paul Hoffman <phoffman(_at_)imc(_dot_)org> writes:
> At 6:16 AM +1200 5/3/08, Peter Gutmann wrote:
>> Aren't these mutually exclusive?
>
> Yes; that's why they are in separate sections.

How does this reconcile them?  Do we get to choose which ones we want?

>> (The "or shorter" attached to the "1024" is also going to prove problematic
>> with FIPS-evaluated crypto implementations, since you can't do < 1024 bits
>> for those).
>
> That's just plain wrong. Nothing in the FIPS evaluation says that you cannot
> verify signatures shorter than what they require.

I didn't say you couldn't verify sigs, I said you couldn't get the code to do
that evaluated because the minimum they'll accept is 1024 bits.  In other
words you'd be using non-evaluated code (or code run in a non-evaluated mode)
to do the sig. verification.

Peter.