
RE: S/MIME v3.2 IDs key size text



Paul Hoffman <phoffman@xxxxxxx> writes:
>At 6:16 AM +1200 5/3/08, Peter Gutmann wrote:
>>Aren't these mutually exclusive?
>
>Yes; that's why they are in separate sections.

How does this reconcile them?  Do we get to choose which ones we want?

>>(The "or shorter" attached to the "1024" is also going to prove problematic
>>with FIPS-evaluated crypto implementations, since you can't do < 1024 bits
>>for those).
>
>That's just plain wrong. Nothing in the FIPS evaluation says that you cannot
>verify signatures shorter than what they require.

I didn't say you couldn't verify sigs, I said you couldn't get the code to do
that evaluated because the minimum they'll accept is 1024 bits.  In other
words you'd be using non-evaluated code (or code run in a non-evaluated mode)
to do the sig. verification.

Peter.