Thanks David. Change is made in https://github.com/tlswg/tls-mldsa/pull/24
On Thu, Apr 9, 2026 at 9:46 PM David Benjamin <[email protected]> wrote: > I have read the document and support publication as an RFC. I expect we'll > implement it soon. > > One extremely minor comment, in Section 3.2, the draft says: > > > If the signature or public key is of the wrong length, the client MUST > treat this a verification failure, and thus terminate the handshake with > decrypt_error alert. > > This should delete "or public key". The public key is carried inside the > certificate. That means questions of the length *or* contents of the > public key will be resolved at the X.509 layer, either failing in overall > X.509 certificate parsing, or in extracting the SPKI from the certificate. > What alert is sent will depend a lot on exactly what is processed in what > layer by the application, so I think it is best to just not say anything. > The signature, on the other hand, is delivered directly via TLS, so > prescribing the alert is in scope. (Even so this sentence is a bit > redundant since your signature verification function had better check the > length as part of the process! *shrug*) > > On Thu, Apr 9, 2026 at 3:40 PM Russ Housley <[email protected]> wrote: > >> I have read the document, and I support publication as an RFC. >> >> Russ >> >> >> > On Apr 9, 2026, at 3:30 PM, Sean Turner <[email protected]> wrote: >> > >> > This is the working group last call for Use of ML-DSA in TLS 1.3. >> Please review draft-ietf-tls-mldsa [1] and reply to this thread indicating >> if you think it is ready for publication or not. If you do not think it is >> ready please indicate why. This call will end on April 23, 2026. >> > >> > REMINDER: If you have not done so recently, review the TLS WG's Mail >> List Procedures; see [2]. >> > >> > The Chairs, >> > Deirdre, Joe, and Sean >> > >> > [1] https://datatracker.ietf.org/doc/draft-ietf-tls-mldsa/ >> > [2] >> https://mailarchive.ietf.org/arch/msg/tls/ucdImHExlbOf4Q3BCG81gjzi2xE/ >> >> _______________________________________________ >> TLS mailing list -- [email protected] >> To unsubscribe send an email to [email protected] >> > _______________________________________________ > TLS mailing list -- [email protected] > To unsubscribe send an email to [email protected] >
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
