Hello,

I don't think we should go back to signing with PKCS#1 v1.5 in TLSv1.3.

I'm opposed to including those two IDs:

    mldsa44_rsa_pkcs1_sha256 (0x090C),
    mldsa65_rsa_pkcs1_sha384 (0x090D),

Theoretically we could require the RSA part to still make PSS signatures
but I think that would be rather hard on the cryptographic backends...
So I'd rather not have them.

On Sunday, 3 November 2024 01:07:34 CET, tirumal reddy wrote:
Hi all,

The draft https://datatracker.ietf.org/doc/draft-tls-reddy-composite-mldsa/ specifies how ML-DSA in combination with traditional algorithms can be used for authentication in TLS 1.3.
Comments and suggestions are welcome.

Regards,
- Tiru

---------- Forwarded message ---------
From: <internet-dra...@ietf.org>
Date: Sun, 3 Nov 2024 at 05:33
Subject: New Version Notification for draft-tls-reddy-composite-mldsa-00.txt
To: Tirumaleswar Reddy.K <kond...@gmail.com>, John Gray <john.g...@entrust.com>, Scott Fluhrer <sfluh...@cisco.com>, Timothy Hollebeek <tim.holleb...@digicert.com>


A new version of Internet-Draft draft-tls-reddy-composite-mldsa-00.txt has
been successfully submitted by Tirumaleswar Reddy and posted to the
IETF repository.

Name:     draft-tls-reddy-composite-mldsa
Revision: 00
Title:    Use of Composite ML-DSA in TLS 1.3
Date:     2024-11-02
Group:    Individual Submission
Pages:    8
URL: https://www.ietf.org/archive/id/draft-tls-reddy-composite-mldsa-00.txt
Status:   https://datatracker.ietf.org/doc/draft-tls-reddy-composite-mldsa/
HTML:     https://www.ietf.org/archive/id/draft-tls-reddy-composite-mldsa-00.html
HTMLized: https://datatracker.ietf.org/doc/html/draft-tls-reddy-composite-mldsa


Abstract:

   This document specifies how the post-quantum signature scheme ML-DSA
   [FIPS204], in combination with traditional algorithms
   RSA-PKCS#1v1.5, RSA-PSS, ECDSA, Ed25519, and Ed448 can be used for
   authentication in TLS 1.3.  The composite ML-DSA approach is
   beneficial in deployments where operators seek additional protection
   against potential breaks or catastrophic bugs in ML-DSA.



The IETF Secretariat




--
Regards,
Alicja (nee Hubert) Kario
Principal Quality Engineer, RHEL Crypto team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00, Brno, Czech Republic

_______________________________________________
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-le...@ietf.org