ietf-smime
[Top] [All Lists]

RE: S/MIME v3.2 IDs key size text

2008-05-03 18:13:00

I think if we struck ", namely 1024 bits" from the text in the security
considerations that it's still a true statement and we won't have to change
it every time we update the spec.

spt 

-----Original Message-----
From: owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org 
[mailto:owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Paul 
Hoffman
Sent: Friday, May 02, 2008 5:44 PM
To: ietf-smime(_at_)imc(_dot_)org
Subject: RE: S/MIME v3.2 IDs key size text


At 6:16 AM +1200 5/3/08, Peter Gutmann wrote:
"Turner, Sean P." <turners(_at_)ieca(_dot_)com> writes:

A receiving agent needs to be able to verify signatures whose key 
length is chosen by the signer. For interoperability, a receiving 
agent MUST be able to verify signatures whose key length is 
1024 bits or shorter.

[...]

Receiving agents are only required to validate signatures 
that are the 
same length as sending agents are required to produce, 
namely 1024 bits.

Aren't these mutually exclusive?

Yes; that's why they are in separate sections.

(The "or shorter" attached to the "1024" is also going to prove 
problematic with FIPS-evaluated crypto implementations, since 
you can't 
do < 1024 bits for those).

That's just plain wrong. Nothing in the FIPS evaluation says 
that you cannot verify signatures shorter than what they require.