Allow for HashML-DSA only in the pub key of EE certs and define ctx (#62

)

* Define ctx is the empty string

ctx = empty string

* Define ctx

- ctx empty string for certs and CRLs, not everything. 
- Also say that a leaf cert could use HashML-DSA OIDs, but only there.

* Update draft-ietf-lamps-dilithium-certificates.md

* Update draft-ietf-lamps-dilithium-certificates.md

* Update draft-ietf-lamps-dilithium-certificates.md

* Update draft-ietf-lamps-dilithium-certificates.md

Nit

* removing ws

* fixing ws

---------

Co-authored-by: Sean Turner <[email protected]>

draft-ietf-lamps-dilithium-certificates.md

@@ -218,7 +218,9 @@ The OIDs are:
 ~~~
 
 The contents of the parameters component for each algorithm MUST be
-absent.
+absent. The ctx value used in the ML-DSA signing and verification
+{{FIPS204}} of ML-DSA signatures defined in this specification
+(X.509 certificates, CRLs) is the empty string.
 
 # ML-DSA Signatures in PKIX
 
@@ -427,7 +429,9 @@ defined in [FIPS204] section 5.4. This specification uses exclusively
 ExternalMu-ML-DSA for pre-hashed use cases, and thus public
 keys identified by `id-hash-ml-dsa-44-with-sha512`,
 `id-hash-ml-dsa-65-with-sha512`, and `id-hash-ml-dsa-87-with-sha512`
-MUST NOT be used in X.509 and related PKIX protocols.
+MUST NOT be used in X.509 and related PKIX protocols with the
+exception of the Public Key in end-entity X.509 certifacates.
+Such public keys could be used beyond PKIX.
 
 All functions and notation used in {{fig-externalmu-ml-dsa-external}}
 and {{fig-externalmu-ml-dsa-internal}} are defined in [FIPS204].