This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.
If verify() is called with a signature that is smaller than expected:
- Does it do a truncated comparison?
- Or does it fail verification?
My expectation is that it should fail verification.
With the exception of HMAC, the signature comparison is done in the procedures of the referenced specification for each cryptographic operation. So this is out of our scope, but I would be very surprised if any of those specifications did a truncated comparison. For HMAC we ask if the provided MAC is 'equal' to the calculated one. Two octet strings of different lengths are not 'equal', so verification would certainly fail if the provided MAC was the wrong length.