Merge pull request #42 from kriskwiatkowski/kris/hbss

[LMS] Make it clear that HBSS are not good for general use
tireddy2 · Feb 7, 2024 · 3ae0369 · 3ae0369
2 parents 9997b96 + 9e6141e
commit 3ae0369
Showing 1 changed file with 1 addition and 2 deletions.
diff --git a/draft-ietf-pquip-pqc-engineers.md b/draft-ietf-pquip-pqc-engineers.md
@@ -491,8 +491,7 @@ Multi-Tree XMSS and LMS can be used for signing a potentially large but fixed nu
 
 The number of tree layers in XMSS^MT provides a trade-off between signature size on the one side and key generation and signing speed on the other side. Increasing the number of layers reduces key generation time exponentially and signing time linearly at the cost of increasing the signature size linearly.
 
-XMSS and HSS/LMS can be applied in various scenarios where digital signatures are required, such as software updates.
-
+Due to the complexities described above, the XMSS and LMS are not a suitable replacement for classical signature schemes like RSA or ECDSA. Applications that expect a long lifetime of a signature, like firmware update or secure boot, are typical use cases where those schemes can be succesfully applied.
 
 ## Hash-then-Sign