Hi Ryan,

Thanks for the review.

On Fri, May 23, 2025 at 11:46 PM Appel, Ryan <ryan.appel= 40bofa....@dmarc.ietf.org> wrote:

> Hello all,
>
> Apologies if there are any emails that have already gone out for these
> editorial items or if you all already had plans to fix them. I was going
> through the draft today and didn’t see any of these suggested edits in the
> mail archive.
>
> -----------
>
> In section 1. Introduction, it states “module-lattice based”. NIST defines it
> in FIPS 204 with a “-” in-between both module and lattice and lattice and
> based, so this should probably be: “module-lattice-based”
>
> In addition, in this section it says “algorothm”, which should be corrected to
> “algorithm”.
>
> -------------
>
> In section 3, the paragraph beginning “These correspond to…” has the text
> “variantsadefined”, which looks to be a mistyped “a” where a space should be.
> This should be corrected to “variants defined”
>
> The paragraph beginning “The schemes defined in this document…” should
> probably say that these algorithms must not be used in a TLS version earlier
> than TLS 1.3. Right now it only precludes version 1.2.
>
> Throughout RFC 8446, this is referenced as “TLS 1.2 or below”. So the
> proposed language is to change the first sentence (and others like it) to:
> “The schemes defined in this document MUST NOT be used in TLS 1.2 or below.”
> And “A peer that receives ServerKeyExchange or CertificateVerify message in a
> TLS 1.2 or below connection”

Does this address it? https://github.com/tlswg/tls-mldsa/pull/13

> -------------
>
> I realize that there are many considerations that need to be put into
> place in the “Security Considerations” and it has been left as a TODO.
> There’s probably some worth in taking some of the info in 8446 appendix C,
> D, and E, and discussing them in terms of using PQC for authentication vs
> non-PQC. As well as the decision to NOT allow the hash-ml-dsa variants and
> other such security considerations like what’s discussed in FIPS 204
> section 3

Agreed. There is some early discussion here already.
https://github.com/tlswg/tls-mldsa/pull/9

Best,

Bas

> Thank you,
>
> Ryan Appel
_______________________________________________
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-le...@ietf.org