fluppe2
commented
5 months ago I think the #signatures discussion should be left out as it doesn't help an implementer but rather poses confusion. This draft should define how to use SLH-DSA in X.509 and point to FIPS205 for the general security considerations.
Also I am unsure about the benefit of pointing towards a future discussion around the reduced number of signatures version of SPHINCS+. I think that might again rather confuse than help.
danvangeest
The security of SLH-DSA slowly reduces below the target levels when more than 2^64 signatures have been created. While this is not a practical number of signatures, we should still mention something about this fact in the Security Considerations section. And maybe point out that if lower signature limit parameter sets are produced in the future, real-world use cases would have to be considered.