[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: S/MIME v3.2 IDs key size text

To: "'Paul Hoffman'" <phoffman@xxxxxxx>, "ietf-smime@xxxxxxx" <ietf-smime@xxxxxxx>
Subject: RE: S/MIME v3.2 IDs key size text
From: Luther Martin <martin@xxxxxxxxxxx>
Date: Fri, 2 May 2008 15:17:43 -0700
Accept-language: en-US
Acceptlanguage: en-US
In-reply-to: <>
List-archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-id: <ietf-smime.imc.org>
List-unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
References: <E1Jrznz-0005zT-Rs@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> <>
Sender: owner-ietf-smime@xxxxxxxxxxxx
Thread-index: AcisoRdLcJxLfqhgQJOqvCo62JIenQAAH5iw
Thread-topic: S/MIME v3.2 IDs key size text

> >(The "or shorter" attached to the "1024" is also going to prove
> problematic
> >with FIPS-evaluated crypto implementations, since you can't do < 1024
> bits for
> >those).
>
> That's just plain wrong. Nothing in the FIPS evaluation says that you
> cannot verify signatures shorter than what they require.

I'm not sure that's accurate. A FIPS security policy is fairly clear about exactly what keys and key sizes you can use in FIPS mode, and I'm fairly sure that this stops you from using smaller keys in FIPS mode, even to verify a signature.

Follow-Ups:
- RE: S/MIME v3.2 IDs key size text
  - From: Paul Hoffman

References:
- RE: S/MIME v3.2 IDs key size text
  - From: Peter Gutmann
- RE: S/MIME v3.2 IDs key size text
  - From: Paul Hoffman

Prev by Date: RE: S/MIME v3.2 IDs key size text
Next by Date: RE: S/MIME v3.2 IDs key size text
Previous by thread: RE: S/MIME v3.2 IDs key size text
Next by thread: RE: S/MIME v3.2 IDs key size text
Index(es):
- Date
- Thread