From 9e6141e565d5cfe8569c613e9d402c2cda1cbf44 Mon Sep 17 00:00:00 2001 From: Kris Kwiatkowski Date: Thu, 1 Feb 2024 21:56:12 +0000 Subject: [PATCH] [lms] Make it clear that HBS are not good for general use --- draft-ietf-pquip-pqc-engineers.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/draft-ietf-pquip-pqc-engineers.md b/draft-ietf-pquip-pqc-engineers.md index 21d675e..4a0acb1 100644 --- a/draft-ietf-pquip-pqc-engineers.md +++ b/draft-ietf-pquip-pqc-engineers.md @@ -481,8 +481,7 @@ Multi-Tree XMSS and LMS can be used for signing a potentially large but fixed nu The number of tree layers in XMSS^MT provides a trade-off between signature size on the one side and key generation and signing speed on the other side. Increasing the number of layers reduces key generation time exponentially and signing time linearly at the cost of increasing the signature size linearly. -XMSS and HSS/LMS can be applied in various scenarios where digital signatures are required, such as software updates. - +Due to the complexities described above, the XMSS and LMS are not a suitable replacement for classical signature schemes like RSA or ECDSA. Applications that expect a long lifetime of a signature, like firmware update or secure boot, are typical use cases where those schemes can be succesfully applied. ## Hash-then-Sign
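Review bot: The added line replaces both the old sentence and the blank line that followed it, so `## Hash-then-Sign` now sits directly under the paragraph text; keep an empty line before the heading so it is separated from the paragraph and renders reliably. In the same added line, "succesfully" should be "successfully" and "the XMSS and LMS" reads better as "XMSS and LMS". The phrase "Due to the complexities described above" is also vague for a sentence that makes a strong recommendation: name the limitation it relies on, for example the "potentially large but fixed number" of signatures mentioned in the context line, so the reader does not have to guess which property rules these schemes out as a general replacement for RSA or ECDSA.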