On May 9, 2008, at 4:40 PM, Paul Hoffman wrote:
At 12:37 PM -0400 5/6/08, Turner, Sean P. wrote:
0 < key size < 511 : MUST NOT
512 < key size < 1023 : SHOULD-
Beyond what Russ just pointed out, I find the first line to be in
bad taste. Any IETF spec that says "you must not be able to verify a
signature even though it is valid" is pretty offensive.
How about adding a "MUST warn the user that key is too damn short to
be considered safe, even though the signature is valid" clause instead?
-- Tim