[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: S/MIME v3.2 IDs key size text
I think if we struck ", namely 1024 bits" from the text in the security
considerations that it's still a true statement and we won't have to change
it every time we update the spec.
spt
>-----Original Message-----
>From: owner-ietf-smime@xxxxxxxxxxxx
>[mailto:owner-ietf-smime@xxxxxxxxxxxx] On Behalf Of Paul Hoffman
>Sent: Friday, May 02, 2008 5:44 PM
>To: ietf-smime@xxxxxxx
>Subject: RE: S/MIME v3.2 IDs key size text
>
>
>At 6:16 AM +1200 5/3/08, Peter Gutmann wrote:
>>"Turner, Sean P." <turners@xxxxxxxx> writes:
>>
>>>A receiving agent needs to be able to verify signatures whose key
>>>length is chosen by the signer. For interoperability, a receiving
>>>agent MUST be able to verify signatures whose key length is
>1024 bits or shorter.
>>
>>[...]
>>
>>>Receiving agents are only required to validate signatures
>that are the
>>>same length as sending agents are required to produce,
>namely 1024 bits.
>>
>>Aren't these mutually exclusive?
>
>Yes; that's why they are in separate sections.
>
>>(The "or shorter" attached to the "1024" is also going to prove
>>problematic with FIPS-evaluated crypto implementations, since
>you can't
>>do < 1024 bits for those).
>
>That's just plain wrong. Nothing in the FIPS evaluation says
>that you cannot verify signatures shorter than what they require.
>