On Mon, 4 Nov 2024 at 19:47, Alicja Kario <[email protected]> wrote:

> Hello,
>
> I don't think we should go back to signing with PKCS#1 v1.5 in TLSv1.3.
> I'm opposed to including those two IDs:
>
> mldsa44_rsa_pkcs1_sha256 (0x090C),
> mldsa65_rsa_pkcs1_sha384 (0x090D),
>

I wanted to remove them but I see TLS 1.3 allows rsa_pkcs1 for certificates but not for certificate verification and it is mandatory to implement digital signature. I will update the draft to restrict its use to the "signature_algorithms_cert" extension.

-Tiru

> Theoretically we could require the RSA part to still make PSS signatures
> but I think that would be rather hard on the cryptographic backends...
> So I'd rather not have them.
>
> On Sunday, 3 November 2024 01:07:34 CET, tirumal reddy wrote:
> > Hi all,
> >
> > The draft
> > https://datatracker.ietf.org/doc/draft-tls-reddy-composite-mldsa/
> > specifies how ML-DSA in combination with traditional algorithms
> > can be used for authentication in TLS 1.3.
> >
> > Comments and suggestions are welcome.
> >
> > Regards,
> > - Tiru
> >
> > ---------- Forwarded message ---------
> > From: <[email protected]>
> > Date: Sun, 3 Nov 2024 at 05:33
> > Subject: New Version Notification for draft-tls-reddy-composite-mldsa-00.txt
> > To: Tirumaleswar Reddy.K <[email protected]>, John Gray
> > <[email protected]>, Scott Fluhrer <[email protected]>,
> > Timothy Hollebeek <[email protected]>
> >
> > A new version of Internet-Draft draft-tls-reddy-composite-mldsa-00.txt has
> > been successfully submitted by Tirumaleswar Reddy and posted to the
> > IETF repository.
> >
> > Name: draft-tls-reddy-composite-mldsa
> > Revision: 00
> > Title: Use of Composite ML-DSA in TLS 1.3
> > Date: 2024-11-02
> > Group: Individual Submission
> > Pages: 8
> > URL: https://www.ietf.org/archive/id/draft-tls-reddy-composite-mldsa-00.txt
> > Status: https://datatracker.ietf.org/doc/draft-tls-reddy-composite-mldsa/
> > HTML: https://www.ietf.org/archive/id/draft-tls-reddy-composite-mldsa-00.html
> > HTMLized: https://datatracker.ietf.org/doc/html/draft-tls-reddy-composite-mldsa
> >
> > Abstract:
> >
> > This document specifies how the post-quantum signature scheme ML-DSA
> > [FIPS204], in combination with traditional algorithms
> > RSA-PKCS#1v1.5, RSA-PSS, ECDSA, Ed25519, and Ed448 can be used for
> > authentication in TLS 1.3. The composite ML-DSA approach is
> > beneficial in deployments where operators seek additional protection
> > against potential breaks or catastrophic bugs in ML-DSA.
> >
> > The IETF Secretariat
>
> --
> Regards,
> Alicja (nee Hubert) Kario
> Principal Quality Engineer, RHEL Crypto team
> Web: www.cz.redhat.com
> Red Hat Czech s.r.o., Purkyňova 115, 612 00, Brno, Czech Republic
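Added example, not part of the thread or of the draft: a Python sketch of the split discussed above, where PKCS#1 v1.5 schemes may be accepted on certificates but must not sign CertificateVerify. The two composite code points are the draft -00 values quoted in the thread; treating them as certificate-only is an assumption modelling the proposed restriction, and the function names and sample bytes are constructed for illustration.

```python
import struct
from typing import List, Optional

# rsa_pkcs1_* code points from RFC 8446: certificate signatures only.
RFC8446_PKCS1 = {0x0401: "rsa_pkcs1_sha256", 0x0501: "rsa_pkcs1_sha384",
                 0x0601: "rsa_pkcs1_sha512"}
# Composite IDs quoted in the thread (draft -00 values).
COMPOSITE_PKCS1 = {0x090C: "mldsa44_rsa_pkcs1_sha256",
                   0x090D: "mldsa65_rsa_pkcs1_sha384"}
# Assumption: the composite PKCS#1 IDs get the same cert-only treatment.
CERT_ONLY = {**RFC8446_PKCS1, **COMPOSITE_PKCS1}

# Constructed sample extension bodies (not captured traffic).
SAMPLE_SIG_ALGS = bytes.fromhex("0008" "0804" "0403" "0401" "090c")
SAMPLE_SIG_ALGS_CERT = bytes.fromhex("0004" "0401" "090d")


def parse_scheme_list(ext_data: bytes) -> List[int]:
    """Parse SignatureSchemeList: uint16 byte length, then uint16 schemes."""
    if len(ext_data) < 4:
        raise ValueError("list must hold at least one scheme")
    (length,) = struct.unpack_from("!H", ext_data, 0)
    if length != len(ext_data) - 2 or length % 2:
        raise ValueError("bad SignatureSchemeList length")
    return [s for (s,) in struct.iter_unpack("!H", ext_data[2:])]


def handshake_schemes(sig_algs: bytes) -> List[int]:
    """Offered schemes that may sign CertificateVerify."""
    return [s for s in parse_scheme_list(sig_algs) if s not in CERT_ONLY]


def cert_schemes(sig_algs: bytes, sig_algs_cert: Optional[bytes]) -> List[int]:
    """Schemes acceptable on certificates; falls back to signature_algorithms
    when signature_algorithms_cert is absent (RFC 8446, section 4.2.3)."""
    chosen = sig_algs if sig_algs_cert is None else sig_algs_cert
    return parse_scheme_list(chosen)


def check_certificate_verify(scheme: int, sig_algs: bytes) -> None:
    """Raise if the CertificateVerify scheme is cert-only or was not offered."""
    if scheme in CERT_ONLY:
        raise ValueError(f"{CERT_ONLY[scheme]} not allowed in CertificateVerify")
    if scheme not in handshake_schemes(sig_algs):
        raise ValueError(f"scheme 0x{scheme:04x} was not offered")
```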
