On Sun, Nov 03, 2024 at 05:45:13AM +0530, tirumal reddy wrote: > > This draft https://datatracker.ietf.org/doc/draft-tls-reddy-slhdsa/ > specifies how the PQC signature scheme SLH-DSA can be used for > authentication in TLS 1.3.
I think the context to use should be taken as open question and resolved together with ML-DSA. After all, ML-DSA and SLH-DSA share the interface design, which is beyond the capabilities of Ed25519ctx and Ed448, let alone Ed25519. And with regards to precedent, Ed25519 does not support contexts. Ed25519ctx is the version where I hacked in context support, but very few things support that. Ed448 does have native context support, but much of code treats it just as larger Ed25519. -Ilari _______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org
