From 2c3e51485e2e96c928edcbc86da5605d4ab97d24 Mon Sep 17 00:00:00 2001 From: "Panos K." Date: Thu, 12 Dec 2024 10:23:19 -0500 Subject: [PATCH 1/8] Define ctx is the empty string ctx = empty string --- draft-ietf-lamps-dilithium-certificates.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/draft-ietf-lamps-dilithium-certificates.md b/draft-ietf-lamps-dilithium-certificates.md index c4f6eff..225c3f4 100644 --- a/draft-ietf-lamps-dilithium-certificates.md +++ b/draft-ietf-lamps-dilithium-certificates.md @@ -218,7 +218,8 @@ The OIDs are: ~~~ The contents of the parameters component for each algorithm MUST be -absent. +absent. The ctx value used in the ML-DSA Signing and Verification +{{FIPS204}} is the empty string # ML-DSA Signatures in PKIX @@ -437,9 +438,9 @@ External operations: ~~~ ExternalMu-ML-DSA.Prehash(pk, M, ctx): - if |ctx| > 255 then + if |ctx| > 0 then return error # return an error indication if the context string is - # too long + # not the empty string end if M' = BytesToBits(IntegerToBytes(0, 1) ∥ IntegerToBytes(|ctx|, 1) From 122cca15e56df1079db57fe65ba99351685bedda Mon Sep 17 00:00:00 2001 From: "Panos K." Date: Thu, 12 Dec 2024 10:56:33 -0500 Subject: [PATCH 2/8] Define ctx - ctx empty string for certs and CRLs, not everything. - Also say that a leaf cert could use HashML-DSA OIDs, but only there. --- draft-ietf-lamps-dilithium-certificates.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/draft-ietf-lamps-dilithium-certificates.md b/draft-ietf-lamps-dilithium-certificates.md index 225c3f4..631d888 100644 --- a/draft-ietf-lamps-dilithium-certificates.md +++ b/draft-ietf-lamps-dilithium-certificates.md @@ -218,8 +218,9 @@ The OIDs are: ~~~ The contents of the parameters component for each algorithm MUST be -absent. The ctx value used in the ML-DSA Signing and Verification -{{FIPS204}} is the empty string +absent. The ctx value used in the ML-DSA signing and verification +{{FIPS204}} of ML-DSA signatures defined in this specification +(X.509 certificates, CRLs) is the empty string # ML-DSA Signatures in PKIX @@ -428,7 +429,10 @@ defined in [FIPS204] section 5.4. This specification uses exclusively ExternalMu-ML-DSA for pre-hashed use cases, and thus public keys identified by `id-hash-ml-dsa-44-with-sha512`, `id-hash-ml-dsa-65-with-sha512`, and `id-hash-ml-dsa-87-with-sha512` -MUST NOT be used in X.509 and related PKIX protocols. +MUST NOT be used in X.509 and related PKIX protocols with the +exception of the Public Key in end-entity X.509 certifacates. +Such public keys could be used beyond PKIX use-cases and thus +could need HashML-DSA. All functions and notation used in {{fig-externalmu-ml-dsa-external}} and {{fig-externalmu-ml-dsa-internal}} are defined in [FIPS204]. From 5d6036d58c703a80e90422efa208ded9ed985983 Mon Sep 17 00:00:00 2001 From: "Panos K." Date: Thu, 12 Dec 2024 11:57:14 -0500 Subject: [PATCH 3/8] Update draft-ietf-lamps-dilithium-certificates.md --- draft-ietf-lamps-dilithium-certificates.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/draft-ietf-lamps-dilithium-certificates.md b/draft-ietf-lamps-dilithium-certificates.md index 631d888..81de184 100644 --- a/draft-ietf-lamps-dilithium-certificates.md +++ b/draft-ietf-lamps-dilithium-certificates.md @@ -442,9 +442,9 @@ External operations: ~~~ ExternalMu-ML-DSA.Prehash(pk, M, ctx): - if |ctx| > 0 then + if |ctx| > 255 then return error # return an error indication if the context string is - # not the empty string + # not too long end if M' = BytesToBits(IntegerToBytes(0, 1) ∥ IntegerToBytes(|ctx|, 1) From 811028778bd284faf6aa4f2960a36f836df04945 Mon Sep 17 00:00:00 2001 From: "Panos K." Date: Thu, 12 Dec 2024 11:57:45 -0500 Subject: [PATCH 4/8] Update draft-ietf-lamps-dilithium-certificates.md --- draft-ietf-lamps-dilithium-certificates.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-ietf-lamps-dilithium-certificates.md b/draft-ietf-lamps-dilithium-certificates.md index 81de184..d9cc4f9 100644 --- a/draft-ietf-lamps-dilithium-certificates.md +++ b/draft-ietf-lamps-dilithium-certificates.md @@ -444,7 +444,7 @@ ExternalMu-ML-DSA.Prehash(pk, M, ctx): if |ctx| > 255 then return error # return an error indication if the context string is - # not too long + # too long end if M' = BytesToBits(IntegerToBytes(0, 1) ∥ IntegerToBytes(|ctx|, 1) From a283ef18c3da838c9d9c2889cff60a2a897aa31e Mon Sep 17 00:00:00 2001 From: "Panos K." Date: Thu, 12 Dec 2024 13:11:45 -0500 Subject: [PATCH 5/8] Update draft-ietf-lamps-dilithium-certificates.md --- draft-ietf-lamps-dilithium-certificates.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/draft-ietf-lamps-dilithium-certificates.md b/draft-ietf-lamps-dilithium-certificates.md index d9cc4f9..5bbd6ca 100644 --- a/draft-ietf-lamps-dilithium-certificates.md +++ b/draft-ietf-lamps-dilithium-certificates.md @@ -429,10 +429,10 @@ defined in [FIPS204] section 5.4. This specification uses exclusively ExternalMu-ML-DSA for pre-hashed use cases, and thus public keys identified by `id-hash-ml-dsa-44-with-sha512`, `id-hash-ml-dsa-65-with-sha512`, and `id-hash-ml-dsa-87-with-sha512` -MUST NOT be used in X.509 and related PKIX protocols with the -exception of the Public Key in end-entity X.509 certifacates. -Such public keys could be used beyond PKIX use-cases and thus -could need HashML-DSA. +MUST NOT be used in X.509 and related PKIX protocols with the +exception of the Public Key in end-entity X.509 certifacates. +Such public keys could be used beyond PKIX use-cases and thus +could need HashML-DSA. All functions and notation used in {{fig-externalmu-ml-dsa-external}} and {{fig-externalmu-ml-dsa-internal}} are defined in [FIPS204]. From faaa288b0fa43fb72a1747c40a50da137e4973e9 Mon Sep 17 00:00:00 2001 From: "Panos K." Date: Fri, 13 Dec 2024 11:44:55 -0500 Subject: [PATCH 6/8] Update draft-ietf-lamps-dilithium-certificates.md Nit --- draft-ietf-lamps-dilithium-certificates.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/draft-ietf-lamps-dilithium-certificates.md b/draft-ietf-lamps-dilithium-certificates.md index 5bbd6ca..5113aa3 100644 --- a/draft-ietf-lamps-dilithium-certificates.md +++ b/draft-ietf-lamps-dilithium-certificates.md @@ -431,8 +431,7 @@ keys identified by `id-hash-ml-dsa-44-with-sha512`, `id-hash-ml-dsa-65-with-sha512`, and `id-hash-ml-dsa-87-with-sha512` MUST NOT be used in X.509 and related PKIX protocols with the exception of the Public Key in end-entity X.509 certifacates. -Such public keys could be used beyond PKIX use-cases and thus -could need HashML-DSA. +Such public keys could be used beyond PKIX. All functions and notation used in {{fig-externalmu-ml-dsa-external}} and {{fig-externalmu-ml-dsa-internal}} are defined in [FIPS204]. From 3577bf7bbbfac746325db95fda0d6daf3172eae9 Mon Sep 17 00:00:00 2001 From: Sean Turner Date: Tue, 17 Dec 2024 10:32:22 -0500 Subject: [PATCH 7/8] removing ws --- draft-ietf-lamps-dilithium-certificates.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-ietf-lamps-dilithium-certificates.md b/draft-ietf-lamps-dilithium-certificates.md index 5113aa3..e174520 100644 --- a/draft-ietf-lamps-dilithium-certificates.md +++ b/draft-ietf-lamps-dilithium-certificates.md @@ -220,7 +220,7 @@ The OIDs are: The contents of the parameters component for each algorithm MUST be absent. The ctx value used in the ML-DSA signing and verification {{FIPS204}} of ML-DSA signatures defined in this specification -(X.509 certificates, CRLs) is the empty string +(X.509 certificates, CRLs) is the empty string. # ML-DSA Signatures in PKIX From 8cd7f3488789d32d58385b764c63469e007bf456 Mon Sep 17 00:00:00 2001 From: Sean Turner Date: Tue, 17 Dec 2024 10:35:18 -0500 Subject: [PATCH 8/8] fixing ws --- draft-ietf-lamps-dilithium-certificates.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/draft-ietf-lamps-dilithium-certificates.md b/draft-ietf-lamps-dilithium-certificates.md index e174520..518ac5f 100644 --- a/draft-ietf-lamps-dilithium-certificates.md +++ b/draft-ietf-lamps-dilithium-certificates.md @@ -218,8 +218,8 @@ The OIDs are: ~~~ The contents of the parameters component for each algorithm MUST be -absent. The ctx value used in the ML-DSA signing and verification -{{FIPS204}} of ML-DSA signatures defined in this specification +absent. The ctx value used in the ML-DSA signing and verification +{{FIPS204}} of ML-DSA signatures defined in this specification (X.509 certificates, CRLs) is the empty string. # ML-DSA Signatures in PKIX