[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Suggested changes for DSA2
On Mon, Mar 27, 2006 at 10:01:20AM -0500, David Shaw wrote:
> It is not the place of a data format standard to hold people's hands
> to that extent. We (correctly) don't tell people to reject signatures
> from a 512-bit RSA key. That's not our job in the standard. If an
> *implementation* wants to do that, that's just fine, but it does not
> need permission from the standard to do it.
I agree with David here. The standard's purpose is to ensure
interoperability. It should tell us the sematics behind sequences of bytes.
It is up to the implementation to make decisions based on these semantics.
Valid reasons to exclude certain combinations from the standard include
ambiguity of interpretation, inherent insecurity or a wide installed base of
incompatible implementations, but not the possibility of weird uses, IMHO.
Regards,
--
Daniel