I see that now - the draft states two different methods at different places (section 3.2.1 vs section 7). Obviously, that needs to be fixed.
The question remains: what should it state? Would the working group be content with the RFC 8420 method?

________________________________
From: Valery Smyslov <[email protected]>
Sent: Tuesday, September 23, 2025 3:03 AM
To: Scott Fluhrer (sfluhrer) <[email protected]>; 'ipsec' <[email protected]>
Subject: RE: [IPsec] draft-ietf-ipsecme-ikev2-pqc-auth

Hi Scott,

The draft currently states that IKE will hash the signed octets (using the negotiated hash function) and then have ML-DSA/SLH-DSA sign that hash (which would involve applying a hash function again).

actually the draft only specifies using the Identity hash, so there is no real hashing before passing octets to be signed to the signature algorithm. Thus, there is no double hashing – all the hashing takes place only inside ML-DSA or SLH-DSA.

Regards,
Valery.
_______________________________________________
IPsec mailing list -- [email protected]
To unsubscribe send an email to [email protected]
