On Fri, May 09, 2008 at 02:40:17PM -0700, Paul Hoffman wrote:
Beyond what Russ just pointed out, I find the first line to be in bad
taste. Any IETF spec that says "you must not be able to verify a signature
even though it is valid" is pretty offensive.
Can we return to talking about interoperability?
I think you and I are on the same page, and there's two things:
1. Interoperability. The key sizes to guarantee two implementations will talk
to each other.
2. Security considerations. The key sizes that are a no-no due to insufficient
or overly-sufficient size.
Have we given up on the separation of these?
Blake