REFERENCES.md

References

This section lists external specifications and internal documents that may be helpful when working with the Mock CA.

Table of Contents

• References
  • Project Documentation
  • Standards
    • Transport CMP
    • Algorithm Profiles
    • Drafts
  • Software
  • Post-Quantum Key Encapsulation Mechanism (KEM)
    • ML-KEM
      • Related RFCs and Drafts
  • Post-Quantum Signature
    • ML-DSA
      • Related RFCs and Drafts
    • SLH-DSA
      • Related RFCs and Drafts
  • PQ Stateful Signature
    • XMSS / XMSSMT
    • HSS
  • Hybrid Key Encapsulation Mechanism (KEM)
  • Hybrid Signature
  • Hybrid Certificates

---

Project Documentation

• Server Test Coverage
• CMP Test Suite README
• Post‑Quantum Integration Details
• Test Suite Architecture
• CMP Issues and Proposals
• Mock CA README

Standards

• RFC 4210 — Certificate Management Protocol (CMP)
• RFC 9480 — Certificate Management Protocol (CMP) Updates
• RFC 9483 — Lightweight Certificate Management Protocol (CMP)
• RFC 5280 — Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile

Transport CMP

• RFC 6712 — CMP over HTTP
• RFC 9482 — CMP over CoAP

Algorithm Profiles

• RFC 9481 — CMP Algorithms

Drafts

• draft-ietf-lamps-rfc4210bis (CMP)

Software

• OpenSSL — command-line tools used for CSR generation and CMP messages
• liboqs — post-quantum cryptography library enabling PQ algorithms

Post-Quantum Key Encapsulation Mechanism (KEM)

ML-KEM

• FIPS 203 — Module-Lattice-based Key-Encapsulation Mechanism (ML-KEM)

Related RFCs and Drafts

• draft-ietf-lamps-kyber-certificates — X.509 certificate profile for ML‑KEM
• draft-ietf-lamps-cms-kyber — Using ML‑KEM in CMS

Post-Quantum Signature

ML-DSA

• FIPS 204 — Module-Lattice-based Digital Signature Algorithm (ML‑DSA)

Related RFCs and Drafts

• draft-ietf-lamps-dilithium-certificates — X.509 certificate profile for ML‑DSA
• draft-ietf-lamps-cms-ml-dsa — Using ML‑DSA in CMS

SLH-DSA

• FIPS 205 — Stateless Hash‑Based Digital Signature Algorithm (SLH‑DSA)

Related RFCs and Drafts

• RFC 9814 — Use of the SLH‑DSA Signature Algorithm in CMS
• X.509 certificate profile for SLH‑DSA:
  • draft-ietf-lamps-sphincsplus-certificates

PQ Stateful Signature

• NIST Special Publication:
  • NIST SP 800‑208 — Recommendation for Stateful Hash‑Based Signature Schemes
• Defines the use of XMSS and HSS in X.509:
  • RFC 9802 — Use of the HSS and XMSS Hash‑Based Signature Algorithms in Internet X.509 Public Key Infrastructure

XMSS / XMSSMT

• Definition of XMSS and XMSSMT:
  • RFC 8391 — XMSS: eXtended Merkle Signature Scheme

HSS

• Definition of LMS and HSS:
  • RFC 8554 — Leighton–Micali Hash‑Based Signatures
• Using LMS/HSS in CMS:
  • RFC 9708 — Use of the HSS/LMS Hash‑Based Signature Algorithm in the Cryptographic Message Syntax (CMS)
• Additional parameter sets for HSS/LMS hash‑based signatures:
  • draft-fluhrer-lms-more-parm-sets

Hybrid Key Encapsulation Mechanism (KEM)

• draft-connolly-cfrg-xwing-kem
• draft-ietf-lamps-pq-composite-kem
• draft-josefsson-chempat

Hybrid Signature

• draft-ietf-lamps-pq-composite-sigs

Hybrid Certificates

• draft-sun-lamps-hybrid-scheme
• RFC 9763 — Related Certificates for Use in Multiple Authentications within a Protocol
• draft-lamps-okubo-certdiscovery
• draft-bonnell-lamps-chameleon-certs
• Catalyst (Alternative Signature):
  • ITU‑T X.509 (10/2019) — Alternative public key and signature extensions
  • Document:
    • ITU‑T X.509 (10/2019)
  • Died draft:
    • draft-truskovsky-lamps-pq-hybrid-x509 — Multiple Public‑Key Algorithm X.509 Certificates