[auth48] Re: AUTH48: RFC-to-be 9881 for your review

[Sean Turner via auth48archive]

Hi! I think we should make the following changes:

0) s3: SIGNED doesn’t actually appear in 5280, it’s in 5912. I’m suggesting we 
do something like what we did in the previous paragraph that talks about 
Certificate:

OLD:

Signatures are also used in the CRL list ASN.1 representation from [RFC5280 
<https://www.rfc-editor.org/authors/rfc9881.html#RFC5280>] below.

NEW:

Signatures are also used in the CRL list ASN.1, the representation below is 
equivalent to that in [RFC5280 
<https://www.rfc-editor.org/authors/rfc9881.html#RFC5280>].

1) s3: We refer to "TBSCertificate/TBSCertList” in the previous para and in 
5912 there is actually no "tbsCertificate/tbsCertList” - that’s from the ’88 
syntax. While I am pretty sure nobody will incorrectly implement this I am 
pretty sure that one of our an eagle eyed participants will submit an editorial 
errata, which I’d like to avoid.

OLD:

The signatureValue field contains the corresponding ML-DSA signature computed 
upon the ASN.1 DER-encoded tbsCertificate/tbsCertList [RFC5280 
<https://www.rfc-editor.org/authors/rfc9881.html#RFC5280>].

NEW:

The signatureValue field contains the corresponding ML-DSA signature computed 
upon the ASN.1 DER-encoded TBSCertificate/TBSCertList [RFC5280 
<https://www.rfc-editor.org/authors/rfc9881.html#RFC5280>].

2) XML twiddling: use (<<tt>xi<\\tt))) like we did for tr - in s6 (twice once 
in the 1st sentence and then in #1 in the list):

OLD:

(xi)

NEW:

(<tt>xi</ttd>)

3) s7: Add a Title for Table 1:

OLD:

Table 1

NEW:

Table 1: Registered ASN.1 Module

4) s8.2” XML twiddling: Make font match other ASN.1 fields (make it match the 
last sentence in the 1st para) - I think the seed and expandedKey need to be 
wrapped in <tt> </tt>:

OLD:

seed and the expandedKey,

NEW:

<tt>seed</tt> and the <tt>expandedKey</tt>,

5) s8.3: Tweak tbsCertificate to TBSCertificate:

OLD:

tbsCertificate

NEW:

TBSCertificate

6) s9: Don’t use contraction :)

s/can’t/cannot

7) Appendix A: Remove new line:

OLD:

END

<CODE ENDS>

NEW:

END
<CODE ENDS>

8) Appendix C.4. Step 1: Add “Key” - it refers to the ASN.1 field:

OLD:

and <tt>expanded</tt> values

NEW:

and <tt>expandedKey</tt> values

9) Appendix D: Change to Mu:

OLD:

  # Referred to as 'ExternalMu-ML-DSA.Sign(sk, μ)’

NEW:

  # Referred to as 'ExternalMu-ML-DSA.Sign(sk, mu)'


spt

> On Oct 13, 2025, at 21:09, Sandy Ginoza <sgin...@staff.rfc-editor.org> wrote:
> 
> Hi Jake,
> 
> Thank you for your review.  We have noted your approval on the AUTH48 page 
> <https://www.rfc-editor.org/auth48/rfc9881>.  We will continue with 
> publication once we hear from Sean as well. 
> 
> Thank you,
> Sandy Ginoza
> RFC Production Center
> 
> 
> 
>> On Oct 13, 2025, at 5:51 PM, Massimo, Jake <jake...@amazon.com> wrote:
>> 
>> Hi Sandy,
>> 
>> Approved!
>> 
>> Cheers,
>> Jake
>> 
>> On 10/12/25, 12:03 PM, "Sandy Ginoza" <sgin...@staff.rfc-editor.org 
>> <mailto:sgin...@staff.rfc-editor.org>> wrote:
>> 
>> 
>> CAUTION: This email originated from outside of the organization. Do not 
>> click links or open attachments unless you can confirm the sender and know 
>> the content is safe.
>> 
>> 
>> 
>> 
>> 
>> 
>> Hi Bas and Panos,
>> 
>> 
>> Thank you for your reviews. We have noted your approvals on the AUTH48 page 
>> <https://www.rfc-editor.org/auth48/rfc9881>. Once 
>> <https://www.rfc-editor.org/auth48/rfc9881&gt;.&nbsp;&nbsp;Once> we have 
>> received approvals from you coauthors, we will continue with the publication 
>> process.
>> 
>> 
>> Thank you,
>> Sandy Ginoza
>> RFC Production Center
>> 
>> 
>> 
>> 
>> 
>> 
>>> On Oct 11, 2025, at 8:39 PM, Kampanakis, Panos <kpa...@amazon.com 
>>> <mailto:kpa...@amazon.com>> wrote:
>>> 
>>> Approved
>>> 
>>> -----Original Message-----
>>> From: Sandy Ginoza <sgin...@staff.rfc-editor.org 
>>> <mailto:sgin...@staff.rfc-editor.org>>
>>> Sent: Friday, October 10, 2025 4:16 PM
>>> To: Bas Westerbaan <b...@cloudflare.com <mailto:b...@cloudflare.com>>
>>> Cc: Sean Turner <s...@sn3rd.com <mailto:s...@sn3rd.com>>; Massimo, Jake 
>>> <jakemas=40amazon....@dmarc.ietf.org <mailto:40amazon....@dmarc.ietf.org>>; 
>>> Kampanakis, Panos <kpa...@amazon.com <mailto:kpa...@amazon.com>>; RFC 
>>> Editor <rfc-edi...@rfc-editor.org <mailto:rfc-edi...@rfc-editor.org>>; 
>>> lamps-...@ietf.org <mailto:lamps-...@ietf.org>; lamps-cha...@ietf.org 
>>> <mailto:lamps-cha...@ietf.org>; Russ Housley <hous...@vigilsec.com 
>>> <mailto:hous...@vigilsec.com>>; Deb Cooley <debcool...@gmail.com 
>>> <mailto:debcool...@gmail.com>>; auth48archive@rfc-editor.org 
>>> <mailto:auth48archive@rfc-editor.org>
>>> Subject: RE: [EXTERNAL] AUTH48: RFC-to-be 9881 
>>> <draft-ietf-lamps-dilithium-certificates-13> for your review
>>> 
>>> CAUTION: This email originated from outside of the organization. Do not 
>>> click links or open attachments unless you can confirm the sender and know 
>>> the content is safe.
>>> 
>>> 
>>> 
>>> Hi Jake, Bas, and Sean,
>>> 
>>> We have updated the document and posted the revised files here:
>>> https://www.rfc-editor.org/authors/rfc9881.xml 
>>> <https://www.rfc-editor.org/authors/rfc9881.xml>
>>> https://www.rfc-editor.org/authors/rfc9881.txt 
>>> <https://www.rfc-editor.org/authors/rfc9881.txt>
>>> https://www.rfc-editor.org/authors/rfc9881.pdf 
>>> <https://www.rfc-editor.org/authors/rfc9881.pdf>
>>> https://www.rfc-editor.org/authors/rfc9881.html 
>>> <https://www.rfc-editor.org/authors/rfc9881.html>
>>> 
>>> Diffs highlighting only the recent changes:
>>> https://www.rfc-editor.org/authors/rfc9881-lastdiff.html 
>>> <https://www.rfc-editor.org/authors/rfc9881-lastdiff.html>
>>> https://www.rfc-editor.org/authors/rfc9881-lastrfcdiff.html 
>>> <https://www.rfc-editor.org/authors/rfc9881-lastrfcdiff.html> (side by side)
>>> 
>>> AUTH48 diffs:
>>> https://www.rfc-editor.org/authors/rfc9881-auth48diff.html 
>>> <https://www.rfc-editor.org/authors/rfc9881-auth48diff.html>
>>> https://www.rfc-editor.org/authors/rfc9881-auth48rfcdiff.html 
>>> <https://www.rfc-editor.org/authors/rfc9881-auth48rfcdiff.html> (side by 
>>> side)
>>> 
>>> Comprehensive diffs:
>>> https://www.rfc-editor.org/authors/rfc9881-diff.html 
>>> <https://www.rfc-editor.org/authors/rfc9881-diff.html>
>>> https://www.rfc-editor.org/authors/rfc9881-rfcdiff.html 
>>> <https://www.rfc-editor.org/authors/rfc9881-rfcdiff.html> (side by side)
>>> 
>>> 
>>> Bas - regarding the following, the lines in RFC 5912 are already outdented 
>>> (see https://www.rfc-editor.org/rfc/rfc5912.txt 
>>> <https://www.rfc-editor.org/rfc/rfc5912.txt>, p17). The lines in RFC 5912 
>>> are actually outdented 3 additional spaces; we are unable to make them 
>>> match with our current tools.
>>> 
>>>>> Note that instead of breaking the line, we outdented — please let us know 
>>>>> if you prefer otherwise.
>>>> 
>>>> Outdenting looks good to me, I'm assuming both "Current" and "From 
>>>> [RFC5912]" will be outdented to match eachother.
>>> 
>>> 
>>> Please review and let us know if any further updates are needed or if you 
>>> approve the RFC for publication.
>>> 
>>> Thanks,
>>> Sandy Ginoza
>>> RFC Production Center
>>> 
>>> 
>>> 
>>>> On Oct 10, 2025, at 6:01 AM, Bas Westerbaan <b...@cloudflare.com 
>>>> <mailto:b...@cloudflare.com>> wrote:
>>>> 
>>>> Yes, good catch.
>>>> 
>>>> On Fri, Oct 10, 2025 at 2:57 PM Sean Turner <s...@sn3rd.com 
>>>> <mailto:s...@sn3rd.com>> wrote:
>>>> Just want to make sure I didn’t introduce an error, but wanted more eyes:
>>>> 
>>>> Appendix D includes this:
>>>> 
>>>> # Referred to as 'Externalμ-ML-DSA.Prehash(pk, M, ctx)'
>>>> # in the FIPS 204 FAQ.
>>>> 
>>>> and this:
>>>> 
>>>> # Referred to as 'Externalμ-ML-DSA.Sign(sk, μ)'
>>>> # in the FIPS 204 FAQ.
>>>> 
>>>> Do we need to change these μ to Mu because that’s how the are actually 
>>>> referenced in the FIPS FAQ?
>>>> 
>>>> spt
>>>> 
>>>> 
>>>>> On Oct 10, 2025, at 06:03, Bas Westerbaan <b...@cloudflare.com 
>>>>> <mailto:b...@cloudflare.com>> wrote:
>>>>> 
>>>>> Hi Sandy,
>>>>> 
>>>>> Thank you for the quick updates.
>>>>> 
>>>>> I see some changes are still required.
>>>>> 
>>>>> - Section 2. Regarding changes for your origin point 1: you added an 
>>>>> ampersand in front of "Params", but not in front of "id" on the line 
>>>>> before that.
>>>>> 
>>>>> - References. Regarding changes for your original point 7: you haven't 
>>>>> updated the URL of the reference CDFFJ21 to the specific version 
>>>>> correctly. It should be 
>>>>> https://eprint.iacr.org/archive/2020/1525/20231023:114351 
>>>>> <https://eprint.iacr.org/archive/2020/1525/20231023:114351>
>>>>> 
>>>>> Otherwise it looks great, thanks!
>>>>> 
>>>>> Best,
>>>>> 
>>>>> Bas
>>>>> 
>>>>> On Fri, Oct 10, 2025 at 4:50 AM Massimo, Jake 
>>>>> <jakemas=40amazon....@dmarc.ietf.org 
>>>>> <mailto:40amazon....@dmarc.ietf.org>> wrote:
>>>>> Hey Sandy, Bas,
>>>>> 
>>>>> I can check a few confirmations off of this list:
>>>>> 
>>>>>> Note that instead of breaking the line, we outdented — please let us 
>>>>>> know if you prefer otherwise.
>>>>> 
>>>>> Outdenting looks good to me, I'm assuming both "Current" and "From 
>>>>> [RFC5912]" will be outdented to match eachother.
>>>>> 
>>>>>> We updated to use “pre-hash” except in the following:
>>>>>> # Referred to as 'Externalμ-ML-DSA.Prehash(pk, M, ctx)'
>>>>>> Please let us know if any updates are needed.
>>>>> 
>>>>> Confirming this is ok, and that we would not want to change 
>>>>> 'Externalμ-ML-DSA.Prehash'.
>>>>> 
>>>>> Cheers,
>>>>> Jake
>>>>> 
>>>> 
>>> 
>> 
>> 
>> 
>> 
>> 
> 


-- 
auth48archive mailing list -- auth48archive@rfc-editor.org
To unsubscribe send an email to auth48archive-le...@rfc-editor.org