When decrypting a message with a signature, we can short circuit some verification failures by first checking whether the signature length is valid for the algorithm suite in use. We would need to add in additional logic in order to enable this sort of check.
Proposal from @mattsb42-aws:
algorithm suites SHOULD define a max signature length and if they do then the client MUST fail if the signature length field is larger than that value
When decrypting a message with a signature, we can short circuit some verification failures by first checking whether the signature length is valid for the algorithm suite in use. We would need to add in additional logic in order to enable this sort of check.
Proposal from @mattsb42-aws: