Linda:Document: draft-ietf-lamps-x509-slhdsa
Title: Internet X.509 Public Key Infrastructure: Algorithm Identifiers for
SLH-DSA Reviewer: Linda Dunbar Review result: Has Nits
I have reviewed this document as part of the Ops area directorate's ongoing
effort to review all IETF documents being processed by the IESG. These
comments were written primarily for the benefit of the Ops area directors.
Document editors and WG chairs should treat these comments just like any other
last-call comments.
Summary: This draft defines the algorithm identifiers and encoding conventions
for using the quantum-resistant SLH-DSA signature scheme within the X.509
Public Key Infrastructure.
Major issue:
I’m not an expert in this area, so I’d like to ask: given that the same or very
similar OIDs are used for both Pure SLH-DSA and Hash SLH-DSA, is there a high
risk of accidentally mixing up the two modes during implementation or
certificate processing? If so, would it be helpful to include additional
guidance in the draft to help avoid such misconfiguration?
It is very common for object identifiers to be assigned in sequential order. Further, this object identifiers were assigned by NIST. You can see them here:
If a signer were to use the incorrect the object identifier, then the verifier would use the wrong routine to attempt validation, which would lead to rejecting the signature. A similar failure would take place if the signer used the wrong object identifier.
Russ
|
--
last-call mailing list -- last-call@xxxxxxxx
To unsubscribe send an email to last-call-leave@xxxxxxxx
