I think if we struck ", namely 1024 bits" from the text in the security
considerations that it's still a true statement and we won't have to change
it every time we update the spec.
spt
-----Original Message-----
From: owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org
[mailto:owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Paul
Hoffman
Sent: Friday, May 02, 2008 5:44 PM
To: ietf-smime(_at_)imc(_dot_)org
Subject: RE: S/MIME v3.2 IDs key size text
At 6:16 AM +1200 5/3/08, Peter Gutmann wrote:
"Turner, Sean P." <turners(_at_)ieca(_dot_)com> writes:
A receiving agent needs to be able to verify signatures whose key
length is chosen by the signer. For interoperability, a receiving
agent MUST be able to verify signatures whose key length is
1024 bits or shorter.
[...]
Receiving agents are only required to validate signatures
that are the
same length as sending agents are required to produce,
namely 1024 bits.
Aren't these mutually exclusive?
Yes; that's why they are in separate sections.
(The "or shorter" attached to the "1024" is also going to prove
problematic with FIPS-evaluated crypto implementations, since
you can't
do < 1024 bits for those).
That's just plain wrong. Nothing in the FIPS evaluation says
that you cannot verify signatures shorter than what they require.