@@ -56,9 +56,8 @@ is used for authentication in TLS 1.3.
5656
5757# Introduction
5858
59- ML-DSA {{!FIPS204=DOI.10.6028/NIST.FIPS.204}} is a
60- post-quantum signature schemes standardised by NIST. It is a
61- module-lattice based scheme.
59+ ML-DSA is a post-quantum module-lattice based digital signature algorothm
60+ standardised by NIST in {{!FIPS204=DOI.10.6028/NIST.FIPS.204}}.
6261
6362This memo specifies how ML-DSA can be negotiated for authentication in TLS 1.3
6463via the "signature_algorithms" and "signature_algorithms_cert" extensions.
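Review bot: The added line 59 misspells "algorithm" as "algorothm" ("digital signature algorothm"). Please fix the spelling before merging; the rest of the reworded sentence, with the FIPS204 reference moved to the end, reads fine.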
@@ -83,15 +82,15 @@ enum {
8382~~~
8483
8584These correspond to ML-DSA-44, ML-DSA-65, and ML-DSA-87 defined
86- in {{FIPS204}} respectively. Note that these are the pure versions and should not be confused
87- with prehashed variants such as HashML-DSA-44 also defined in {{FIPS204}}.
88-
89- Similarly, the context parameter defined in {{FIPS204}} Algorithm 2/Algorithm 3
90- MUST be the empty string.
85+ in {{FIPS204}} respectively. Note that these are different
86+ from the HashML-DSA pre-hashed variantsadefined in Section 5.4 of {{FIPS204}}.
9187
9288The signature MUST be computed and verified as specified in
9389{{Section 4.4.3 of RFC8446}}.
9490
91+ The context parameter defined in {{FIPS204}} Algorithm 2 and 3
92+ MUST be the empty string.
93+
9594The corresponding end-entity certificate when negotiated MUST
9695use id-ML-DSA-44, id-ML-DSA-65, id-ML-DSA-87 respectively as
9796defined in {{I-D.ietf-lamps-dilithium-certificates}}.
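Review bot: The added line 86 runs two words together in "variantsadefined", which should read "variants defined". The rewrite also drops the word "pure" that the removed text used to describe these code points; keeping it (for example "these are the pure versions, different from the HashML-DSA pre-hashed variants") would keep the contrast with HashML-DSA explicit. In the relocated context-parameter paragraph, "Algorithm 2 and 3" would read better as "Algorithms 2 and 3".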
@@ -122,4 +121,5 @@ according to the procedures in {{Section 6 of TLSIANA}}.
122121# Acknowledgments
123122{:numbered="false"}
124123
125- Thanks to Alicja Kario and John Mattsson for their review and feedback.
124+ Thanks to Alicja Kario, John Mattsson, and Rebecca Guthrie
125+ for their review and feedback.