Closed teythoon closed 4 months ago
In section 6.2.4. Signature Verification it is stated that for the composite scheme, both signatures have to be validated. But I think that passage could be still a bit clearer by saying "In order to classify a composite signature as correctly validated, both component signatures must be verified successfully."
@teythoon Will this address your concern?
Now addressed by https://github.com/openpgp-pqc/draft-openpgp-pqc/pull/80/commits/3622d630b7fc411e0865eb42367c2114f55176d9.
@teythoon will this suffice from your point of view? Can we close this issue once the PR is merged?
Yes, thanks!
Closing it, as the changes are now in the main branch (unfortunately I lost track of the PR which was responsible for it, the commit above apparently fell victim to rebasing): "As specified in {{composite-signatures}} an implementation MUST validate both signatures, i.e. EdDSA/ECDSA and ML-DSA, successfully to state that a composite ML-DSA + ECC signature is valid."
Currently:
But the signature verification primitives introduced in section 6 looks like
So, "validate both signatures" could be understood to do that operation, and it doesn't explicitly say that the result must be
true
(assumingverified
is a boolean). This may be overly nitpicky, but I think that making explicit that both must verify successfully, or even stating how the two results are combined would be short and sweet.