> so you can almost guarantee that some implementations will forget.

Yes, implementations skipping requirements like this is a significant practical security problem. I think the draft should explicitly refer to Section 3.6.2.

It is the TLS protocol’s responsibility to ensure that ML-DSA.Verify() on CertificateVerify is performed in a manner conformant with FIPS 204. But I agree with David Benjamin that the draft should not mandate which alert to send.

Cheers,
John Preuß Mattsson

On 2026-04-16, 12:05, "Peter C" <[email protected]> wrote:

I think it's ready for publication as an RFC.

I have a slight preference for keeping the requirement to check the signature length. Yes, ML-DSA verification should do this anyway, but it's buried in Section 3.6.2 of FIPS 204 so you can almost guarantee that some implementations will forget.

I don't mind if the requirement to check the public key length is removed.

(In other words, PR#24 rather than PR#27)

Peter

> -----Original Message-----
> From: Sean Turner <[email protected]>
> Sent: 15 April 2026 20:07
> To: TLS List <[email protected]>
> Subject: [TLS] Re: Working Group Last Call for Use of ML-DSA in TLS 1.3
>
> Reminder that this WGLC is still ongoing.
>
> spt
>
> > On Apr 9, 2026, at 15:30, Sean Turner <[email protected]> wrote:
> >
> > This is the working group last call for Use of ML-DSA in TLS 1.3. Please review draft-ietf-tls-mldsa [1] and reply to this thread indicating if you think it is ready for publication or not. If you do not think it is ready please indicate why. This call will end on April 23, 2026.
> >
> > REMINDER: If you have not done so recently, review the TLS WG's Mail List Procedures; see [2].
> >
> > The Chairs,
> > Deirdre, Joe, and Sean
> >
> > [1] https://datatracker.ietf.org/doc/draft-ietf-tls-mldsa/
> > [2] https://mailarchive.ietf.org/arch/msg/tls/ucdImHExlbOf4Q3BCG81gjzi2xE/
> _______________________________________________
> TLS mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
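Added example, not part of the original e-mails or of draft-ietf-tls-mldsa: the signature-length check discussed in this thread, applied while parsing a TLS 1.3 CertificateVerify body so that a wrong-length signature is rejected before ML-DSA.Verify() is called. The function and exception names are hypothetical; the code points and signature lengths come from the draft and FIPS 204 rather than from this page, and the choice of alert is left to the caller.

```python
import struct

# TLS SignatureScheme code points (draft-ietf-tls-mldsa) mapped to the fixed
# ML-DSA signature lengths in bytes (FIPS 204). Not taken from this thread.
MLDSA_SIG_LEN = {
    0x0904: 2420,  # mldsa44
    0x0905: 3309,  # mldsa65
    0x0906: 4627,  # mldsa87
}


class CertificateVerifyError(Exception):
    """Hypothetical error type; mapping it to a TLS alert is the caller's job."""


def parse_certificate_verify(body: bytes, offered: set[int]) -> tuple[int, bytes]:
    """Parse a CertificateVerify body and length-check ML-DSA signatures.

    struct { SignatureScheme algorithm; opaque signature<0..2^16-1>; }
    """
    if len(body) < 4:
        raise CertificateVerifyError("truncated CertificateVerify")
    scheme, sig_len = struct.unpack_from("!HH", body, 0)
    signature = body[4:]
    if len(signature) != sig_len:
        raise CertificateVerifyError("length prefix does not match message body")
    if scheme not in offered:
        raise CertificateVerifyError("scheme was not offered in signature_algorithms")
    expected = MLDSA_SIG_LEN.get(scheme)
    if expected is not None and sig_len != expected:
        # Reject here so a verifier that omits the FIPS 204 length check
        # never sees a short or over-long signature.
        raise CertificateVerifyError(f"ML-DSA signature is {sig_len} bytes, expected {expected}")
    return scheme, signature


def accepts(body: bytes, offered: set[int]) -> bool:
    """True when the body parses and passes the length check."""
    try:
        parse_certificate_verify(body, offered)
        return True
    except CertificateVerifyError:
        return False


# Constructed sample messages (zero-filled signatures, not real ML-DSA output).
GOOD = struct.pack("!HH", 0x0905, 3309) + bytes(3309)
SHORT = struct.pack("!HH", 0x0905, 3308) + bytes(3308)
LONG = struct.pack("!HH", 0x0904, 2421) + bytes(2421)
```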
