On Sun, 3 Nov 2024 at 14:34, Ilari Liusvaara <ilariliusva...@welho.com> wrote:
> On Sun, Nov 03, 2024 at 05:45:13AM +0530, tirumal reddy wrote:
> >
> > This draft https://datatracker.ietf.org/doc/draft-tls-reddy-slhdsa/
> > specifies how the PQC signature scheme SLH-DSA can be used for
> > authentication in TLS 1.3.
>
> I think the context to use should be taken as open question and
> resolved together with ML-DSA.
>

Providing guidance on the use of context would be helpful for all protocols that utilize PQC signatures. I don't see any of the protocols using SLH-DSA/ML-DSA leverage the context—for instance, it is set to an empty string in draft-ietf-lamps-cms-sphincs-plus, draft-ietf-lamps-x509-slhdsa, and draft-ietf-cose-sphincs-plus (where use of context is not specified).

-Tiru

> After all, ML-DSA and SLH-DSA share the interface design, which is
> beyond the capabilities of Ed25519ctx and Ed448, let alone Ed25519.
>
> And with regards to precedent, Ed25519 does not support contexts.
> Ed25519ctx is the version where I hacked in context support, but
> very few things support that. Ed448 does have native context
> support, but much of code treats it just as larger Ed25519.
>
>
>
> -Ilari
>
> _______________________________________________
> TLS mailing list -- tls@ietf.org
> To unsubscribe send an email to tls-le...@ietf.org
>