At 7:45 PM +1200 5/10/08, Peter Gutmann wrote:
Paul Hoffman <phoffman(_at_)imc(_dot_)org> writes:
At 12:37 PM -0400 5/6/08, Turner, Sean P. wrote:
0 < key size < 511 : MUST NOT
512 < key size < 1023 : SHOULD-
1024 < key size < 2048 : MUST
2049 < key size < 4096 : MAY
Beyond what Russ just pointed out, I find the first line to be in bad taste.
Any IETF spec that says "you must not be able to verify a signature even
though it is valid" is pretty offensive.
So an implementation is supposed to do what, tell the user that they can be
absolutely totally assured that the signature is valid, all 12 bits of it?
Yes. Why not? If you don't want to fully comply with the standard for
any of a variety of reasons, by all means don't.