ietf-smime

RE: S/MIME v3.2 IDs key size text

2008-05-03 09:13:31

At 4:56 PM +1200 5/3/08, Peter Gutmann wrote:
How does this reconcile them?  Do we get to choose which ones we want?

You follow the MUST, not the "if you care about doing things flexibly, you also do this". This is the same as for almost any IETF standard.

 >>(The "or shorter" attached to the "1024" is also going to prove problematic
with FIPS-evaluated crypto implementations, since you can't do < 1024 bits
for those).

That's just plain wrong. Nothing in the FIPS evaluation says that you cannot
verify signatures shorter than what they require.

I didn't say you couldn't verify sigs, I said you couldn't get the code to do
that evaluated because the minimum they'll accept is 1024 bits.  In other
words you'd be using non-evaluated code (or code run in a non-evaluated mode)
to do the sig. verification.

I admit that I haven't gone through a FIPS evaluation myself, but what you say seems wrong. I assume that verifying code does not have different code paths for different sizes of keys being verified, so the evaluated code works for the mandated sizes and others. Even if you structured your code along key sizes, the "wrong" sizes would be non-evaluated, and the "right" sizes would be evaluated.

If someone from NIST or from a test lab wants to chime in here, that would be grand.