EDNOTE 1: scope restricted to signatures

[ounsworth]

EDNOTE 1: While the scope of this document is restricted to signatures, we note that the same CompositePublicKey structure is equally applicable to asymmetric encryption keys. Though a word of warning that the corresponding "encrypt / decrypt with a composite public key" logic is somewhat less obvious; a naive implementer might be tempted to follow the same pattern as below and encrypt the message with each public key separately and then concatenate the ciphertexts, which is wrong, they need to be nested. Specifying the correct implementation of such an encryption scheme is out of scope for this document, but would be good work for someone in the standards community to pick up.

[ounsworth]

I have removed the EDNOTE, and replaced it with this text:

While the CompositePublicKey structure defined herein is equally applicable to asymmetric encryption keys, this document is intentionally restricted to signatures. The combiner functions for composite encryption and KEMs is being addressed in other drafts.

[kriskwiatkowski]

Link to https://tools.ietf.org/html/draft-stebila-tls-hybrid-design-01 can be added as a reference

[ounsworth]

Thanks @henrydcase . Done.