lamps-wg / draft-composite-sigs

IETF Internet-Draft about X.509 certificates with composite keys and signatures.

We should be clear about which non-separability level we achieve #27

Open ounsworth opened 1 month ago

ounsworth commented 1 month ago

Add a reference to draft-ietf-pquip-hybrid-signature-spectrums, and be clear (possibly with a full security consideration section) about which level this is achieving.

ounsworth commented 1 month ago

Potential text:

Inclusion of a composite signature algorithm OID inside a signed message achieves “Weak Non-Separability”, but when you consider that within PKI, the verifier has the verification public key within a certificate, and that re-use of public keys between composite and non-composite certificates is forbidden, then all together this achieves “Strong Non-Separability”. We are in discussions with Dr. Hale about whether “Simultaneous Verification” can be achieved in this draft; the complexity is that most SV techniques require merging the two algorithms in such a way that you can’t use, for example, ECDSA from your existing codebase and ML-DSA from OpenQuantumSafe, but instead you have to write new code for the merged composite algorithm. This would also invalidate any existing FIPS / CC certifications of the existing traditional algorithm code, and being able to leverage existing certified code in the transition is a primary goal of composite.
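The two properties argued for in the comment above, as an added illustration that is not part of the draft or this issue: a composite made of ECDSA P-256 plus a second component (Ed25519 stands in for ML-DSA only because Go's standard library ships it), each signing a constructed domain-separator prefix in place of the composite algorithm OID followed by the message. Stripping out the ECDSA component does not yield a valid plain signature over the bare message, and the only bytes it does verify over still carry the OID prefix, which is the visible artifact behind "Weak Non-Separability". A verifier that learns keys from certificates and refuses a composite-certified key for standalone use rejects the stripped component outright, which is the "Strong Non-Separability" argument. The OID value, type names and `KeyStore` are assumptions made for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// Constructed domain separator standing in for the composite algorithm OID
// that is placed inside the signed data; the value is made up for this example.
var compositeOID = []byte("EXAMPLE-COMPOSITE-ECDSA-P256-WITH-ED25519:")

// CompositeKey pairs a traditional ECDSA component with a second component
// (Ed25519 here as a stand-in for ML-DSA).
type CompositeKey struct {
	Trad *ecdsa.PrivateKey
	PQ   ed25519.PrivateKey
}

type CompositePub struct {
	Trad *ecdsa.PublicKey
	PQ   ed25519.PublicKey
}

// CompositeSig carries one signature per component.
type CompositeSig struct{ TradSig, PQSig []byte }

func GenerateComposite() (*CompositeKey, error) {
	trad, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	_, pq, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &CompositeKey{Trad: trad, PQ: pq}, nil
}

func (k *CompositeKey) Public() *CompositePub {
	return &CompositePub{Trad: &k.Trad.PublicKey, PQ: k.PQ.Public().(ed25519.PublicKey)}
}

// toBeSigned is what every component actually signs: OID || message, never the bare message.
func toBeSigned(msg []byte) []byte { return append(append([]byte{}, compositeOID...), msg...) }

func (k *CompositeKey) Sign(msg []byte) (*CompositeSig, error) {
	tbs := toBeSigned(msg)
	h := sha256.Sum256(tbs)
	tradSig, err := ecdsa.SignASN1(rand.Reader, k.Trad, h[:])
	if err != nil {
		return nil, err
	}
	return &CompositeSig{TradSig: tradSig, PQSig: ed25519.Sign(k.PQ, tbs)}, nil
}

// Verify accepts only when both components verify over OID || message.
func (p *CompositePub) Verify(msg []byte, sig *CompositeSig) bool {
	tbs := toBeSigned(msg)
	h := sha256.Sum256(tbs)
	return ecdsa.VerifyASN1(p.Trad, h[:], sig.TradSig) && ed25519.Verify(p.PQ, tbs, sig.PQSig)
}

// VerifyPlainECDSA models a legacy verifier that knows nothing about composites.
func VerifyPlainECDSA(pub *ecdsa.PublicKey, data, sig []byte) bool {
	h := sha256.Sum256(data)
	return ecdsa.VerifyASN1(pub, h[:], sig)
}

// KeyUse is the single algorithm a certificate binds a public key to.
type KeyUse int

const (
	UseComposite KeyUse = iota
	UseStandaloneECDSA
)

// KeyStore (assumed) stands in for the PKI view: keys are learned from certificates,
// and a key certified for composite use is never also certified for standalone use.
type KeyStore map[string]KeyUse

func fingerprint(pub *ecdsa.PublicKey) (string, error) {
	der, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		return "", err
	}
	return fmt.Sprintf("%x", sha256.Sum256(der)), nil
}

// AcceptPlainECDSA refuses any key the certificate store does not bind to standalone ECDSA
// before it even checks the signature math.
func (ks KeyStore) AcceptPlainECDSA(pub *ecdsa.PublicKey, data, sig []byte) bool {
	fp, err := fingerprint(pub)
	if err != nil {
		return false
	}
	if use, ok := ks[fp]; !ok || use != UseStandaloneECDSA {
		return false
	}
	return VerifyPlainECDSA(pub, data, sig)
}

// DemoResult: Full = composite verifies; StrippedRaw = ECDSA component alone over the bare
// message; StrippedTBS = ECDSA component alone over OID||msg (the visible artifact);
// PKIAccepts = PKI-aware verifier accepts the stripped component.
type DemoResult struct{ Full, StrippedRaw, StrippedTBS, PKIAccepts bool }

func Demo() (DemoResult, error) {
	key, err := GenerateComposite()
	if err != nil {
		return DemoResult{}, err
	}
	msg := []byte("constructed sample message") // constructed input
	sig, err := key.Sign(msg)
	if err != nil {
		return DemoResult{}, err
	}
	pub := key.Public()
	fp, err := fingerprint(pub.Trad)
	if err != nil {
		return DemoResult{}, err
	}
	store := KeyStore{fp: UseComposite} // the key's certificate is composite-only
	return DemoResult{
		Full:        pub.Verify(msg, sig),
		StrippedRaw: VerifyPlainECDSA(pub.Trad, msg, sig.TradSig),
		StrippedTBS: VerifyPlainECDSA(pub.Trad, toBeSigned(msg), sig.TradSig),
		PKIAccepts:  store.AcceptPlainECDSA(pub.Trad, toBeSigned(msg), sig.TradSig),
	}, nil
}

func main() {
	r, err := Demo()
	fmt.Printf("%+v err=%v\n", r, err)
}
```

Expected outcome: `Full` true, `StrippedRaw` false, `StrippedTBS` true (the component is separable in the abstract, but only over bytes that still show the OID), `PKIAccepts` false. The last line is the part that depends on the certificate-side rule, not on the signature format.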