Make explicit how composite verification results are combined

[teythoon]

Currently:

6.2.4. Signature Verification

... As specified in Section 4.3 an implementation MUST validate both signatures, i.e. EdDSA/ECDSA and ML-DSA, to state that a composite ML-DSA + ECC signature is valid.

But the signature verification primitives introduced in section 6 looks like

(verified) <- EdDSA.Verify(eddsaPublicKey, eddsaSignature, dataDigest)

So, "validate both signatures" could be understood to do that operation, and it doesn't explicitly say that the result must be true (assuming verified is a boolean). This may be overly nitpicky, but I think that making explicit that both must verify successfully, or even stating how the two results are combined would be short and sweet.

[falko-strenzke]

In section 6.2.4. Signature Verification it is stated that for the composite scheme, both signatures have to be validated. But I think that passage could be still a bit clearer by saying "In order to classify a composite signature as correctly validated, both component signatures must be verified successfully."

@teythoon Will this address your concern?

[falko-strenzke]

Now addressed by https://github.com/openpgp-pqc/draft-openpgp-pqc/pull/80/commits/3622d630b7fc411e0865eb42367c2114f55176d9.

@teythoon will this suffice from your point of view? Can we close this issue once the PR is merged?

[teythoon]

Yes, thanks!

[falko-strenzke]

Closing it, as the changes are now in the main branch (unfortunately I lost track of the PR which was responsible for it, the commit above apparently fell victim to rebasing): "As specified in {{composite-signatures}} an implementation MUST validate both signatures, i.e. EdDSA/ECDSA and ML-DSA, successfully to state that a composite ML-DSA + ECC signature is valid."