Falko Strenzke made a public comment on PKCS #11 v3.2
With reference to PKCS #11 3.2 Committee Specification Draft 01 from 16 April 2025:
Only single-part operations are defined for XMSS and HSS. I find this questionable, especially because no pre-hash variants are defined for X.509 / CMS either. Both signature schemes could efficiently support multi-part operations with constant memory requirements. The usual interface can be used for the signature, and the new C_VerifySignature... interface would be used for verification as in the case of SLH-DSA.
Why is this difference made between SLH-DSA and XMSS/HSS with respect to multi-part operations?
I would suggest supporting multi-part signing for both XMSS and HSS.
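The constant-memory point above, sketched for LMS (the scheme HSS is built on) as an added example that is not part of the comment or of the specification: the RFC 8554 message hash Q = H(I || u32str(q) || u16str(D_MESG) || C || message) puts the message last, so it can be absorbed chunk by chunk, and a verifier needs q and C from the signature before the first chunk arrives. The class and function names and all sample values are constructed for illustration; only the message-hash step for SHA-256 with n = 32 is shown, not a full LMS or PKCS #11 implementation.

```python
import hashlib
import struct

D_MESG = 0x8181  # RFC 8554 domain separator for the message hash
N = 32           # digest and randomizer length for SHA-256, n = 32


class LmsMessageHash:
    """Streaming Q = H(I || u32str(q) || u16str(D_MESG) || C || message)."""

    def __init__(self, identifier: bytes, q: int, c: bytes):
        if len(identifier) != 16 or len(c) != N:
            raise ValueError("bad identifier or randomizer length")
        # Everything except the message is known up front: fixed-size state.
        self._h = hashlib.sha256(identifier + struct.pack(">IH", q, D_MESG) + c)

    @classmethod
    def for_verify(cls, identifier: bytes, lms_signature: bytes):
        # LMS signature layout: u32str(q) || u32str(ots_type) || C || y[...] ...
        # The verifier must hold the signature before hashing any message data.
        if len(lms_signature) < 8 + N:
            raise ValueError("signature too short to contain q and C")
        (q,) = struct.unpack(">I", lms_signature[:4])
        return cls(identifier, q, lms_signature[8:8 + N])

    def update(self, chunk: bytes) -> None:
        self._h.update(chunk)

    def final(self) -> bytes:
        return self._h.digest()


def demo() -> bool:
    # Constructed sample values: not real key material, not a valid signature.
    identifier = bytes(range(16))
    q, c = 7, bytes([0xA5]) * N
    sig = struct.pack(">II", q, 4) + c + b"\x00" * 64  # constructed prefix
    message = b"firmware-image-block " * 4096

    one_shot = hashlib.sha256(
        identifier + struct.pack(">IH", q, D_MESG) + c + message).digest()

    mp = LmsMessageHash.for_verify(identifier, sig)
    for off in range(0, len(message), 1000):   # multi-part: 1000-byte chunks
        mp.update(message[off:off + 1000])
    return mp.final() == one_shot
```
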
As a TC, we decided to bring this comment to v3.3 for consideration.