Document: draft-ietf-lamps-kyber-certificates Title: Internet X.509 Public Key Infrastructure - Algorithm Identifiers for the Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM) Reviewer: Mallory Knodel Review result: Ready with Nits
I am the assigned Gen-ART reviewer for this draft. The General Area Review Team (Gen-ART) reviews all IETF documents being processed by the IESG for the IETF Chair. Please treat these comments just like any other last call comments. For more information, please see the FAQ at <https://wiki.ietf.org/en/group/gen/GenArtFAQ>. Document: draft-ietf-lamps-kyber-certificates-?? Reviewer: Mallory Knodel Review Date: 2025-06-09 IETF LC End Date: 2025-06-06 IESG Telechat date: Not scheduled for a telechat Summary: The draft defines how ML-KEM is represented in X.509. It defines algorithm identifiers, public- and private-key structures, key-usage semantics, and provides examples. It's certainly thorough, and follows related RFCs well. Major issues: None. Minor issues: None. Nits/editorial comments: * Suggest slight rewrite for the second of the two sentences in Section 5: "If the keyUsage extension is present in a certificate that indicates id-alg-ml-kem-* in the SubjectPublicKeyInfo, then the keyEncipherment bit MUST be the only key usage set." * Section 8: Private Key Consistency TESTING * Section 9: Suggest pulling in simply the headings or abstract of what is included in draft-sfluhrer-cfrg-ml-kem-security-considerations, making this paragraph just one sentence longer, which could help the reader to know on the order of what security considerations might be explained further. * Each subsection of Appendix C has repeated text that could be placed in the stacked head of that section. Furthermore one might use that intro text space before each subsection to point out anything that the reader might want to know or not be able to spot when holding them side-by-side. So, rather tell then show. Or, both show and tell, please. For readability and utility to the reader. Thanks for the great work! _______________________________________________ Gen-art mailing list -- [email protected] To unsubscribe send an email to [email protected]
