Paul Hoffman <phoffman(_at_)imc(_dot_)org> writes:
> We are not the security nannies of the Internet. As long as we give a
> reasonable number of bits that all implementations should be able to sign and
> verify in order to make reasonably-strong signatures, we should step back and
> let organizations make their own rules.
No, that's exactly what we shouldn't do, because then organisations will use
the fact that the standard doesn't set a sane limit on the key size to justify
using completely stupid key sizes (or as a generalisation completely insecure
"security" practices) [0]. I realise that it's not possible to explicitly
outlaw every kind of stupid behaviour that users will engage in, but since
there's a list of key sizes in the doc anyway, it's a pretty trivial change to
add a sensible lower bound to it.
Peter.
[0] The best one I've ever heard in this area was a government department that
said that while a NIST standard required the use of security technology
X, it didn't say it had to be *effectively* applied, merely applied
(imagine the computer equivalent of "doors must be fitted with Medeco
locks", but since the standard never said you have to actually lock the
doors, merely that they had to be there, it was fine to leave all the
doors unlocked). That's an extreme case, but it's merely the tip of the
iceberg of lesser stupidity that organisations will engage in because a
standard doesn't say they can't.