Hi,

Thanks for the draft, will definitely be helpful.

A few issues:
* The range 0x0900-0x0903 is reserved for backwards compatibility.
  I think it will be better to continue the numbering in the 0x08.. space.
* the must in "must use id_ML-DSA(...)" probably should be capitalised, as
  if it doesn't match, the connection needs to be aborted

An open question is whether we should document error handling explicitly:
- illegal_parameter alert if the peer used an algorithm that was not advertised, or
  the signature algorithm does not match the certificate
- decrypt_error when verification of the signature failed

On Wednesday, 23 October 2024 19:29:06 CEST, Bas Westerbaan wrote:
Hi all,

Unless I overlooked something, we don't have a draft out to assign a SignatureAlgorithm to ML-DSA for use in TLS.

It's two days past the I-D submission deadline, but I wanted to point you to a short draft we put together to fill this gap.

https://bwesterb.github.io/tls-mldsa/draft-tls-westerbaan-mldsa.html

So far, I see only one open question: whether to set a non-zero context string.

Best,

Bas

--
Regards,
Alicja (nee Hubert) Kario
Principal Quality Engineer, RHEL Crypto team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00, Brno, Czech Republic
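The error-handling split proposed in the reply above (illegal_parameter for a scheme the peer never advertised or one that does not fit the certificate key, decrypt_error for a signature that fails to verify), written out as an added illustration that is not from the draft or from either poster. It parses a signature_algorithms extension body per RFC 8446 and then applies the checks; the ML-DSA codepoints are placeholders, since the page does not give the draft's values.

```python
import struct
from typing import Callable, List, Optional

# TLS AlertDescription values (RFC 8446, section 6).
ILLEGAL_PARAMETER = 47
DECRYPT_ERROR = 51

# SignatureScheme -> key type the certificate must carry.
# 0x0403, 0x0804, 0x0807 are real RFC 8446 values; the 0xFExx entries are
# PLACEHOLDERS for the ML-DSA schemes (the draft's codepoints are not on this page).
SCHEME_KEY_TYPE = {
    0x0403: "ecdsa-p256",
    0x0804: "rsa",
    0x0807: "ed25519",
    0xFE44: "ml-dsa-44",  # placeholder
    0xFE65: "ml-dsa-65",  # placeholder
    0xFE87: "ml-dsa-87",  # placeholder
}


def parse_signature_algorithms(ext_body: bytes) -> List[int]:
    """Parse a signature_algorithms extension body (RFC 8446 4.2.3):
    a 2-byte list length followed by 2-byte SignatureScheme values."""
    if len(ext_body) < 2:
        raise ValueError("truncated signature_algorithms extension")
    (length,) = struct.unpack("!H", ext_body[:2])
    if length < 2 or length % 2 or len(ext_body) != 2 + length:
        raise ValueError("bad signature_algorithms list length")
    return list(struct.unpack("!%dH" % (length // 2), ext_body[2:]))


def check_certificate_verify(advertised: List[int], chosen: int,
                             cert_key_type: str,
                             verify: Callable[[], bool]) -> Optional[int]:
    """Return the alert to send for a CertificateVerify, or None if it is acceptable.
    'verify' performs the actual signature check and returns True on success."""
    # Scheme must be one we offered in signature_algorithms.
    if chosen not in advertised:
        return ILLEGAL_PARAMETER
    # Scheme must match the key type of the peer's certificate.
    if SCHEME_KEY_TYPE.get(chosen) != cert_key_type:
        return ILLEGAL_PARAMETER
    # Only a failed cryptographic verification maps to decrypt_error.
    if not verify():
        return DECRYPT_ERROR
    return None
```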
