On 20.04.26 at 12:13, Daniel Van Geest wrote:
I don't think there is any such risk for composite signatures in TLS. The certificate is part of the authenticated handshake data and defines the public signature key. This means that the implementation would have to validate an RSA (or MLDSA) signature against a composite MLDSA+RSA key and would have much more severe consequences than violating non-separability (the security implications of which are not obvious per se in any case). That would require a corresponding bug on the protocol level. I hold that being able to address component keys individually in a hardware token cannot be considered a problem in itself.

The point was that if key reuse is forbidden then there shouldn't be a way to reference one of the components of a composite key as a standalone key (via a PKCS#11 token or whatever). Because if there is a way to reference one of the components of a composite key as a standalone key, then inevitably that will be done and non-separability properties will be lost.
_______________________________________________ TLS mailing list [email protected] To unsubscribe send an email [email protected]
--
*MTG AG*
Dr. Falko Strenzke
Phone: +49 6151 8000 24
E-Mail: [email protected]
Web: mtg.de <https://www.mtg.de>

MTG AG - Dolivostr. 11 - 64293 Darmstadt, Germany
Commercial register: HRB 8901
Register Court: Amtsgericht Darmstadt
Management Board: Jürgen Ruf (CEO), Tamer Kemeröz
Chairman of the Supervisory Board: Dr. Thomas Milde
