On Wednesday, 23 October 2024 19:29:06 CEST, Bas Westerbaan wrote:
> Hi all,
> Unless I overlooked something, we don't have a draft out to
> assign a SignatureAlgorithm to ML-DSA for use in TLS.
> It's two days past the I-D submission deadline, but I wanted to
> point you to a short draft we put together to fill this gap.
> https://bwesterb.github.io/tls-mldsa/draft-tls-westerbaan-mldsa.html
> So far, I see only one open question: whether to set a non-zero
> context string.
So, we do have a context string in the actual message being signed
in TLS 1.3, so that's a property for all signatures in TLS 1.3.
I've proposed a PR that makes it explicit how they're supposed to be
generated and validated: https://github.com/bwesterb/tls-mldsa/pull/6
I've also proposed a draft to forbid use of those schemes in TLS 1.2:
https://github.com/bwesterb/tls-mldsa/pull/7
--
Regards,
Alicja (nee Hubert) Kario
Principal Quality Engineer, RHEL Crypto team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00, Brno, Czech Republic
_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]
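The reply above points out that TLS 1.3 already binds a context string into every CertificateVerify signature, independent of the optional ML-DSA context parameter. The following is an added example (not code from the draft, the linked PRs, or the list participants) that builds the RFC 8446 Section 4.4.3 signed content, parses and validates it on the receiving side, and shows where the FIPS 204 ML-DSA context string would sit around it. The transcript hash value is constructed for the example; ML-DSA signing itself is left out because no standard-library implementation exists.

```python
"""TLS 1.3 CertificateVerify signed content and the ML-DSA context wrapper.

Added example; not taken from draft-tls-westerbaan-mldsa or its PRs.
"""

# RFC 8446 Section 4.4.3 context strings (these are the TLS-level context
# the reply refers to; they exist for every TLS 1.3 signature scheme).
SERVER_CONTEXT = b"TLS 1.3, server CertificateVerify"
CLIENT_CONTEXT = b"TLS 1.3, client CertificateVerify"
_KNOWN_CONTEXTS = {SERVER_CONTEXT: "server", CLIENT_CONTEXT: "client"}

# Constructed 32-byte stand-in for a SHA-256 transcript hash (not real data).
CONSTRUCTED_TRANSCRIPT_HASH = bytes(range(32))


def tls13_signed_content(transcript_hash: bytes, context: bytes) -> bytes:
    """Content signed in CertificateVerify (RFC 8446, 4.4.3):
    64 bytes of 0x20, the context string, one 0x00 separator, transcript hash."""
    if context not in _KNOWN_CONTEXTS:
        raise ValueError("unknown TLS 1.3 CertificateVerify context")
    return b"\x20" * 64 + context + b"\x00" + transcript_hash


def parse_signed_content(content: bytes, hash_len: int = 32):
    """Receiver-side validation: recover (role, transcript_hash) or raise.
    Checks the padding, the context string and the separator byte."""
    if len(content) < 64 + 1 + hash_len or content[:64] != b"\x20" * 64:
        raise ValueError("bad padding prefix")
    body = content[64:]
    for ctx, role in _KNOWN_CONTEXTS.items():
        if body.startswith(ctx + b"\x00"):
            th = body[len(ctx) + 1:]
            if len(th) != hash_len:
                raise ValueError("transcript hash length mismatch")
            return role, th
    raise ValueError("unknown or malformed context string")


def mldsa_pure_message(message: bytes, ctx: bytes = b"") -> bytes:
    """FIPS 204 ML-DSA.Sign input formatting: M' = 0x00 || len(ctx) || ctx || M.
    The draft's open question is whether ctx stays empty; this shows the
    framing that would carry it if it did not."""
    if len(ctx) > 255:
        raise ValueError("ML-DSA context string must be at most 255 bytes")
    return b"\x00" + bytes([len(ctx)]) + ctx + message


def server_certificate_verify_input(transcript_hash: bytes,
                                    mldsa_ctx: bytes = b"") -> bytes:
    """Bytes that would be fed to ML-DSA.Sign for a server CertificateVerify."""
    return mldsa_pure_message(
        tls13_signed_content(transcript_hash, SERVER_CONTEXT), mldsa_ctx)


if __name__ == "__main__":
    content = tls13_signed_content(CONSTRUCTED_TRANSCRIPT_HASH, SERVER_CONTEXT)
    print("signed content length:", len(content))
    print("parsed role:", parse_signed_content(content)[0])
    print("ML-DSA input (empty ctx) length:",
          len(server_certificate_verify_input(CONSTRUCTED_TRANSCRIPT_HASH)))
```

Because the TLS-level context string is part of the signed bytes, a server CertificateVerify over a given transcript hash can never verify as a client one, regardless of whether the ML-DSA `ctx` parameter is empty; the parser above is the validation step a receiver performs before handing the bytes to the signature verifier.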