Thank you, Alicja, for the review. I agree with all your comments and have raised a PR https://github.com/tireddy2/composite-mldsa/pull/1 to address them.
Cheers,
-Tiru

On Mon, 18 Nov 2024 at 20:44, Alicja Kario <hka...@redhat.com> wrote:
> Thanks for the work on this document, it's highly appreciated!
>
> A few comments:
> - If we allow for PKCS#1v1.5 sig schemes in signature_algorithms_cert but not in signature_algorithms, I think we should, at the very least, ask IANA to add a column to the SignatureScheme namespace that includes that information.
> - While the descriptive text does say PKCS#1v1.5 schemes shouldn't be in signature_algorithms, it doesn't specify peer behaviour if the other side of the connection misbehaves ("MAY abort the connection with illegal_parameter if it's included in the ClientHello or CertificateRequest signature_algorithms extension" and "MUST abort the connection with an illegal_parameter alert if it's used in the CertificateVerify message"?).
> - While the mapping for schemes to OIDs in draft-ietf-lamps-pq-composite-sigs for ECDSA and EdDSA is clear and 1-to-1, that's not the case for RSA. The draft-ietf-lamps-pq-composite-sigs specifies RSA with specific key sizes, and for example we have both id-HashMLDSA65-RSA3072-PSS-SHA512 and id-HashMLDSA65-RSA4096-PSS-SHA512... which one should be used with mldsa65_rsa_pss_pss_sha384?
> - Same for the hash function: the draft-ietf-lamps-pq-composite-sigs uses SHA-512 for the combinations with ML-DSA65, while this draft specifies SHA-384... I think they should be aligned and identical: the draft-ietf-lamps-pq-composite-sigs schemes should be considered atomic, with a key of id-HashMLDSA65-RSA3072-PSS-SHA512 able to perform signatures only with that scheme, not with arbitrary hash functions...
>
> On Saturday, 16 November 2024 06:57:17 CET, tirumal reddy wrote:
> > Hi all,
> >
> > The updated draft https://datatracker.ietf.org/doc/draft-reddy-tls-composite-mldsa/ incorporates feedback received from the WG. It outlines how ML-DSA in combination with traditional algorithms can be utilized for authentication in TLS 1.3.
> >
> > Further comments and suggestions are welcome.
> >
> > Best Regards,
> > -Tiru
> >
> > ---------- Forwarded message ---------
> > From: <internet-dra...@ietf.org>
> > Date: Thu, 14 Nov 2024 at 16:55
> > Subject: New Version Notification for draft-reddy-tls-composite-mldsa-00.txt
> > To: Tirumaleswar Reddy.K <kond...@gmail.com>, John Gray <john.g...@entrust.com>, Scott Fluhrer <sfluh...@cisco.com>, Timothy Hollebeek <tim.holleb...@digicert.com>
> >
> > A new version of Internet-Draft draft-reddy-tls-composite-mldsa-00.txt has been successfully submitted by Tirumaleswar Reddy and posted to the IETF repository.
> >
> > Name: draft-reddy-tls-composite-mldsa
> > Revision: 00
> > Title: Use of Composite ML-DSA in TLS 1.3
> > Date: 2024-11-14
> > Group: Individual Submission
> > Pages: 8
> > URL: https://www.ietf.org/archive/id/draft-reddy-tls-composite-mldsa-00.txt
> > Status: https://datatracker.ietf.org/doc/draft-reddy-tls-composite-mldsa/
> > HTML: https://www.ietf.org/archive/id/draft-reddy-tls-composite-mldsa-00.html
> > HTMLized: https://datatracker.ietf.org/doc/html/draft-reddy-tls-composite-mldsa
> >
> > Abstract:
> >
> > This document specifies how the post-quantum signature scheme ML-DSA [FIPS204], in combination with traditional algorithms RSA-PKCS#1v1.5, RSA-PSS, ECDSA, Ed25519, and Ed448 can be used for authentication in TLS 1.3. The composite ML-DSA approach is beneficial in deployments where operators seek additional protection against potential breaks or catastrophic bugs in ML-DSA.
> >
> > The IETF Secretariat
> >
>
> --
> Regards,
> Alicja (nee Hubert) Kario
> Principal Quality Engineer, RHEL Crypto team
> Web: www.cz.redhat.com
> Red Hat Czech s.r.o., Purkyňova 115, 612 00, Brno, Czech Republic
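The peer-behaviour rule raised in the review (PKCS#1 v1.5 composite schemes tolerated in signature_algorithms_cert, optionally rejected when a peer lists them in ClientHello or CertificateRequest signature_algorithms, always rejected in CertificateVerify) can be written down as receiver-side checks. The following is an added example for this thread, not code from the draft, the reviewer, or any TLS library. The "is this PKCS#1 v1.5" table stands in for the IANA column the review proposes; only mldsa65_rsa_pss_pss_sha384 is named on this page, and the `*_pkcs1_*` composite name is a constructed placeholder, as is the peer offer in the demo.

```python
"""Receiver-side policy for PKCS#1 v1.5 composite schemes in TLS 1.3, as
sketched in the review above. Added example, not code from the draft."""

# Constructed table playing the role of the proposed IANA column.
# mldsa65_rsa_pss_pss_sha384 is the one composite name quoted in the review;
# PKCS1_PLACEHOLDER is an invented name for a PKCS#1 v1.5 composite scheme.
PKCS1_PLACEHOLDER = "mldsa65_rsa_pkcs1_sha384_PLACEHOLDER"
SCHEME_IS_PKCS1V15 = {
    "mldsa65_rsa_pss_pss_sha384": False,
    "ecdsa_secp384r1_sha384": False,
    "rsa_pkcs1_sha256": True,  # RFC 8446 already restricts rsa_pkcs1_* to certificates
    PKCS1_PLACEHOLDER: True,
}

ALERT_ILLEGAL_PARAMETER = "illegal_parameter"


def is_pkcs1v15(scheme: str) -> bool:
    """A TLS 1.3 receiver ignores code points it does not recognise, so an
    unknown scheme is treated as 'not PKCS#1 v1.5' rather than as an error."""
    return SCHEME_IS_PKCS1V15.get(scheme, False)


def handle_signature_algorithms(offered, strict=False):
    """signature_algorithms from a ClientHello or CertificateRequest.

    Returns (alert, usable). A peer listing PKCS#1 v1.5 schemes here is
    misbehaving: with strict=True the handshake is aborted (the MAY in the
    review); otherwise the offending schemes are dropped so they can never
    be selected for CertificateVerify."""
    disallowed = [s for s in offered if is_pkcs1v15(s)]
    if disallowed and strict:
        return ALERT_ILLEGAL_PARAMETER, []
    return None, [s for s in offered if s not in disallowed]


def handle_signature_algorithms_cert(offered):
    """signature_algorithms_cert only constrains signatures on certificates,
    so PKCS#1 v1.5 composites are acceptable here and nothing is filtered."""
    return None, list(offered)


def handle_certificate_verify(scheme, usable):
    """Scheme the peer actually used to sign CertificateVerify.

    Returns None if acceptable, else the alert to send. The review's MUST:
    abort with illegal_parameter if the scheme is PKCS#1 v1.5. A scheme
    that was never negotiable is rejected the same way."""
    if is_pkcs1v15(scheme) or scheme not in usable:
        return ALERT_ILLEGAL_PARAMETER
    return None


if __name__ == "__main__":
    # Constructed peer offer: one well-behaved composite PSS scheme plus a
    # PKCS#1 v1.5 composite that should not be in signature_algorithms.
    offer = ["mldsa65_rsa_pss_pss_sha384", PKCS1_PLACEHOLDER]
    alert, usable = handle_signature_algorithms(offer)
    print("lenient signature_algorithms:", alert, usable)
    print("strict signature_algorithms: ", handle_signature_algorithms(offer, strict=True))
    print("signature_algorithms_cert:   ", handle_signature_algorithms_cert(offer))
    print("CertificateVerify w/ PKCS#1 v1.5:",
          handle_certificate_verify(PKCS1_PLACEHOLDER, usable))
    print("CertificateVerify w/ PSS:        ",
          handle_certificate_verify("mldsa65_rsa_pss_pss_sha384", usable))
```

The lenient path matters in practice: silently dropping the disallowed schemes from the usable set means a misbehaving peer cannot steer the handshake into a PKCS#1 v1.5 CertificateVerify, while the strict path gives operators the MAY-abort option the review asks the draft to spell out.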
_______________________________________________
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-le...@ietf.org