At 8:31 AM -0500 5/12/08, Timothy J Miller wrote:
On May 9, 2008, at 4:40 PM, Paul Hoffman wrote:
At 12:37 PM -0400 5/6/08, Turner, Sean P. wrote:
0 < key size < 511 : MUST NOT
512 < key size < 1023 : SHOULD-
Beyond what Russ just pointed out, I find the first line to be in
bad taste. Any IETF spec that says "you must not be able to verify
a signature even though it is valid" is pretty offensive.
How about adding a "MUST warn the user that key is too damn short to
be considered safe, even though the signature is valid" clause
instead?
I seriously doubt we could get consensus on the number of bits for
that to kick in. Also, this would prevent an automated signature
validation system with no UI from being able to be conformant.
We are not the security nannies of the Internet. As long as we give a
reasonable number of bits that all implementations should be able to
sign and verify in order to make reasonably-strong signatures, we
should step back and let organizations make their own rules.