From 4fedd86baba4ff20981bce474b436e418e3e280e Mon Sep 17 00:00:00 2001 From: "Panos K." Date: Tue, 17 Dec 2024 10:36:16 -0500 Subject: [PATCH] Allow for HashML-DSA only in the pub key of EE certs and define ctx (#62) * Define ctx is the empty string ctx = empty string * Define ctx - ctx empty string for certs and CRLs, not everything. - Also say that a leaf cert could use HashML-DSA OIDs, but only there. * Update draft-ietf-lamps-dilithium-certificates.md * Update draft-ietf-lamps-dilithium-certificates.md * Update draft-ietf-lamps-dilithium-certificates.md * Update draft-ietf-lamps-dilithium-certificates.md Nit * removing ws * fixing ws --------- Co-authored-by: Sean Turner --- draft-ietf-lamps-dilithium-certificates.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/draft-ietf-lamps-dilithium-certificates.md b/draft-ietf-lamps-dilithium-certificates.md index 7ffb7bc..f5cce30 100644 --- a/draft-ietf-lamps-dilithium-certificates.md +++ b/draft-ietf-lamps-dilithium-certificates.md @@ -218,7 +218,9 @@ The OIDs are: ~~~ The contents of the parameters component for each algorithm MUST be -absent. +absent. The ctx value used in the ML-DSA signing and verification +{{FIPS204}} of ML-DSA signatures defined in this specification +(X.509 certificates, CRLs) is the empty string. # ML-DSA Signatures in PKIX @@ -427,7 +429,9 @@ defined in [FIPS204] section 5.4. This specification uses exclusively ExternalMu-ML-DSA for pre-hashed use cases, and thus public keys identified by `id-hash-ml-dsa-44-with-sha512`, `id-hash-ml-dsa-65-with-sha512`, and `id-hash-ml-dsa-87-with-sha512` -MUST NOT be used in X.509 and related PKIX protocols. +MUST NOT be used in X.509 and related PKIX protocols with the +exception of the Public Key in end-entity X.509 certifacates. +Such public keys could be used beyond PKIX. All functions and notation used in {{fig-externalmu-ml-dsa-external}} and {{fig-externalmu-ml-dsa-internal}} are defined in [FIPS204].