Script updating gh-pages from 354b2be. [ci skip]

dvg/my_original_review/draft-ietf-lamps-cms-ml-dsa.html

@@ -9,7 +9,7 @@
 <meta content="Adam Raine" name="author">
 <meta content="Daniel Van Geest" name="author">
 <meta content="
-       The Module-Lattice-Based Digital Signature Algorithm (ML-DSA), as defined in FIPS 204, is a post-quantum digital signature scheme that aims to be secure against an adversary in posession of a Cryptographically Relevant Quantum Computer (CRQC).
+       The Module-Lattice-Based Digital Signature Algorithm (ML-DSA), as defined in FIPS 204  , is a post-quantum digital signature scheme that aims to be secure against an adversary in possession of a Cryptographically Relevant Quantum Computer (CRQC).
 This document specifies the conventions for using the ML-DSA signature algorithm with the Cryptographic Message Syntax (CMS).
 In addition, the algorithm identifier and public key syntax are provided. 
     " name="description">
@@ -1126,7 +1126,7 @@
 <h1 id="title">Use of the ML-DSA Signature Algorithm in the Cryptographic Message Syntax (CMS)</h1>
 <section id="section-abstract">
       <h2 id="abstract"><a href="#abstract" class="selfRef">Abstract</a></h2>
-<p id="section-abstract-1">The Module-Lattice-Based Digital Signature Algorithm (ML-DSA), as defined in FIPS 204, is a post-quantum digital signature scheme that aims to be secure against an adversary in posession of a Cryptographically Relevant Quantum Computer (CRQC).
+<p id="section-abstract-1">The Module-Lattice-Based Digital Signature Algorithm (ML-DSA), as defined in FIPS 204 <span>[<a href="#FIPS204" class="cite xref">FIPS204</a>]</span>, is a post-quantum digital signature scheme that aims to be secure against an adversary in possession of a Cryptographically Relevant Quantum Computer (CRQC).
 This document specifies the conventions for using the ML-DSA signature algorithm with the Cryptographic Message Syntax (CMS).
 In addition, the algorithm identifier and public key syntax are provided.<a href="#section-abstract-1" class="pilcrow">¶</a></p>
 </section>
@@ -1258,6 +1258,7 @@ <h2 id="name-introduction">
 <a href="#section-1" class="section-number selfRef">1. </a><a href="#name-introduction" class="section-name selfRef">Introduction</a>
       </h2>
 <p id="section-1-1">The Module-Lattice-Based Digital Signature Algorithm (ML-DSA) is a digital signature algorithm standardised by NIST as part of their post-quantum cryptography standardization process.
+Prior to standardization, the algorithm was known as Dilithium.  ML-DSA and Dilithium are not compatible.
 It is intended to be secure against both "traditional" cryptographic attacks, as well as attacks utilising a quantum computer.
 It offers smaller signatures and significantly faster runtimes than SLH-DSA <span>[<a href="#FIPS203" class="cite xref">FIPS203</a>]</span>, an alternative post-quantum signature algorithm also standardised by NIST.<a href="#section-1-1" class="pilcrow">¶</a></p>
 <p id="section-1-2">Prior to standardisation, the algorithm was known as Dilithium.  ML-DSA and Dilithium are not compatible.<a href="#section-1-2" class="pilcrow">¶</a></p>
@@ -1304,7 +1305,7 @@ <h2 id="name-ml-dsa-algorithm-identifier">
         }
 </pre><a href="#section-2-2" class="pilcrow">¶</a>
 </div>
-<p id="section-2-3">The above syntax is from <span>[<a href="#RFC5911" class="cite xref">RFC5911</a>]</span> and is compatible with the 2021 ASN.1 syntax <span>[<a href="#X680" class="cite xref">X680</a>]</span>.
+<p id="section-2-3">The above syntax is from <span>[<a href="#RFC5912" class="cite xref">RFC5912</a>]</span> and is compatible with the 2021 ASN.1 syntax <span>[<a href="#X680" class="cite xref">X680</a>]</span>.
 See <span>[<a href="#RFC5280" class="cite xref">RFC5280</a>]</span> for the 1988 ASN.1 syntax.<a href="#section-2-3" class="pilcrow">¶</a></p>
 <p id="section-2-4">The fields in the AlgorithmIdentifier type have the following meanings:<a href="#section-2-4" class="pilcrow">¶</a></p>
 <span class="break"></span><dl class="dlParallel" id="section-2-5">
@@ -1463,15 +1464,15 @@ <h3 id="name-signerinfo-content">
           <tbody>
             <tr>
               <td class="text-left" rowspan="1" colspan="1">ML-DSA-44</td>
-              <td class="text-left" rowspan="1" colspan="1">SHAKE128</td>
+              <td class="text-left" rowspan="1" colspan="1">SHAKE128 with 256 bit output</td>
             </tr>
             <tr>
               <td class="text-left" rowspan="1" colspan="1">ML-DSA-65</td>
-              <td class="text-left" rowspan="1" colspan="1">SHAKE256</td>
+              <td class="text-left" rowspan="1" colspan="1">SHAKE256 with 512 bit output</td>
             </tr>
             <tr>
               <td class="text-left" rowspan="1" colspan="1">ML-DSA-87</td>
-              <td class="text-left" rowspan="1" colspan="1">SHAKE256</td>
+              <td class="text-left" rowspan="1" colspan="1">SHAKE256 with 512 bit output</td>
             </tr>
           </tbody>
         </table>
@@ -1621,9 +1622,9 @@ <h3 id="name-informative-references">
         <dd>
 <span class="refAuthor">Cooper, D.</span>, <span class="refAuthor">Santesson, S.</span>, <span class="refAuthor">Farrell, S.</span>, <span class="refAuthor">Boeyen, S.</span>, <span class="refAuthor">Housley, R.</span>, and <span class="refAuthor">W. Polk</span>, <span class="refTitle">"Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile"</span>, <span class="seriesInfo">RFC 5280</span>, <span class="seriesInfo">DOI 10.17487/RFC5280</span>, <time datetime="2008-05" class="refDate">May 2008</time>, <span>&lt;<a href="https://www.rfc-editor.org/rfc/rfc5280">https://www.rfc-editor.org/rfc/rfc5280</a>&gt;</span>. </dd>
 <dd class="break"></dd>
-<dt id="RFC5911">[RFC5911]</dt>
+<dt id="RFC5912">[RFC5912]</dt>
         <dd>
-<span class="refAuthor">Hoffman, P.</span> and <span class="refAuthor">J. Schaad</span>, <span class="refTitle">"New ASN.1 Modules for Cryptographic Message Syntax (CMS) and S/MIME"</span>, <span class="seriesInfo">RFC 5911</span>, <span class="seriesInfo">DOI 10.17487/RFC5911</span>, <time datetime="2010-06" class="refDate">June 2010</time>, <span>&lt;<a href="https://www.rfc-editor.org/rfc/rfc5911">https://www.rfc-editor.org/rfc/rfc5911</a>&gt;</span>. </dd>
+<span class="refAuthor">Hoffman, P.</span> and <span class="refAuthor">J. Schaad</span>, <span class="refTitle">"New ASN.1 Modules for the Public Key Infrastructure Using X.509 (PKIX)"</span>, <span class="seriesInfo">RFC 5912</span>, <span class="seriesInfo">DOI 10.17487/RFC5912</span>, <time datetime="2010-06" class="refDate">June 2010</time>, <span>&lt;<a href="https://www.rfc-editor.org/rfc/rfc5912">https://www.rfc-editor.org/rfc/rfc5912</a>&gt;</span>. </dd>
 <dd class="break"></dd>
 <dt id="RFC5958">[RFC5958]</dt>
         <dd>
@@ -1667,7 +1668,7 @@ <h2 id="name-asn1-module">
 EXPORTS ALL;
 
 IMPORTS PUBLIC-KEY, SIGNATURE-ALGORITHM, SMIME-CAPS
-  FROM AlgorithmInformation-2009 -- in [RFC5911]
+  FROM AlgorithmInformation-2009 -- in [RFC5912]
   { iso(1) identified-organization(3) dod(6) internet(1)
     security(5) mechanisms(5) pkix(7) id-mod(0)
     id-mod-algorithmInformation-02(58) } ;
@@ -1738,7 +1739,7 @@ <h2 id="name-asn1-module">
 
 
 --
--- Expand the signature algorithm set used by CMS [RFC5911]
+-- Expand the signature algorithm set used by CMS [RFC5912]
 --
 
 SignatureAlgorithmSet SIGNATURE-ALGORITHM ::= {

dvg/my_original_review/draft-ietf-lamps-cms-ml-dsa.txt

@@ -17,8 +17,8 @@ Expires: 2 May 2025                                         D. Van Geest
 Abstract
 
    The Module-Lattice-Based Digital Signature Algorithm (ML-DSA), as
-   defined in FIPS 204, is a post-quantum digital signature scheme that
-   aims to be secure against an adversary in posession of a
+   defined in FIPS 204 [FIPS204], is a post-quantum digital signature
+   scheme that aims to be secure against an adversary in possession of a
    Cryptographically Relevant Quantum Computer (CRQC).  This document
    specifies the conventions for using the ML-DSA signature algorithm
    with the Cryptographic Message Syntax (CMS).  In addition, the
@@ -96,12 +96,13 @@ Table of Contents
 
    The Module-Lattice-Based Digital Signature Algorithm (ML-DSA) is a
    digital signature algorithm standardised by NIST as part of their
-   post-quantum cryptography standardization process.  It is intended to
-   be secure against both "traditional" cryptographic attacks, as well
-   as attacks utilising a quantum computer.  It offers smaller
-   signatures and significantly faster runtimes than SLH-DSA [FIPS203],
-   an alternative post-quantum signature algorithm also standardised by
-   NIST.
+   post-quantum cryptography standardization process.  Prior to
+   standardization, the algorithm was known as Dilithium.  ML-DSA and
+   Dilithium are not compatible.  It is intended to be secure against
+   both "traditional" cryptographic attacks, as well as attacks
+   utilising a quantum computer.  It offers smaller signatures and
+   significantly faster runtimes than SLH-DSA [FIPS203], an alternative
+   post-quantum signature algorithm also standardised by NIST.
 
    Prior to standardisation, the algorithm was known as Dilithium.  ML-
    DSA and Dilithium are not compatible.
@@ -153,7 +154,7 @@ Table of Contents
                       &Params({AlgorithmSet}{@algorithm}) OPTIONAL
            }
 
-   The above syntax is from [RFC5911] and is compatible with the 2021
+   The above syntax is from [RFC5912] and is compatible with the 2021
    ASN.1 syntax [X680].  See [RFC5280] for the 1988 ASN.1 syntax.
 
    The fields in the AlgorithmIdentifier type have the following
@@ -333,18 +334,18 @@ Table of Contents
       algorithm identifiers are used and the parameters field MUST be
       omitted.
 
-            +=====================+==========================+
-            | Signature algorithm | Message digest algorithm |
-            +=====================+==========================+
-            | ML-DSA-44           | SHAKE128                 |
-            +---------------------+--------------------------+
-            | ML-DSA-65           | SHAKE256                 |
-            +---------------------+--------------------------+
-            | ML-DSA-87           | SHAKE256                 |
-            +---------------------+--------------------------+
+          +=====================+==============================+
+          | Signature algorithm | Message digest algorithm     |
+          +=====================+==============================+
+          | ML-DSA-44           | SHAKE128 with 256 bit output |
+          +---------------------+------------------------------+
+          | ML-DSA-65           | SHAKE256 with 512 bit output |
+          +---------------------+------------------------------+
+          | ML-DSA-87           | SHAKE256 with 512 bit output |
+          +---------------------+------------------------------+
 
-              Table 1: Recommended message digest algorithms
-                     for ML-DSA signature algorithms
+            Table 1: Recommended message digest algorithms for
+                       ML-DSA signature algorithms
 
    signatureAlgorithm:  When signing a signed-data using ML-DSA, the
       signatureAlgorithm field MUST contain one of the ML-DSA signature
@@ -471,10 +472,10 @@ Table of Contents
               (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008,
               <https://www.rfc-editor.org/rfc/rfc5280>.
 
-   [RFC5911]  Hoffman, P. and J. Schaad, "New ASN.1 Modules for
-              Cryptographic Message Syntax (CMS) and S/MIME", RFC 5911,
-              DOI 10.17487/RFC5911, June 2010,
-              <https://www.rfc-editor.org/rfc/rfc5911>.
+   [RFC5912]  Hoffman, P. and J. Schaad, "New ASN.1 Modules for the
+              Public Key Infrastructure Using X.509 (PKIX)", RFC 5912,
+              DOI 10.17487/RFC5912, June 2010,
+              <https://www.rfc-editor.org/rfc/rfc5912>.
 
    [RFC5958]  Turner, S., "Asymmetric Key Packages", RFC 5958,
               DOI 10.17487/RFC5958, August 2010,
@@ -512,7 +513,7 @@ Appendix A.  ASN.1 Module
    EXPORTS ALL;
 
    IMPORTS PUBLIC-KEY, SIGNATURE-ALGORITHM, SMIME-CAPS
-     FROM AlgorithmInformation-2009 -- in [RFC5911]
+     FROM AlgorithmInformation-2009 -- in [RFC5912]
      { iso(1) identified-organization(3) dod(6) internet(1)
        security(5) mechanisms(5) pkix(7) id-mod(0)
        id-mod-algorithmInformation-02(58) } ;
@@ -583,7 +584,7 @@ Appendix A.  ASN.1 Module
 
 
    --
-   -- Expand the signature algorithm set used by CMS [RFC5911]
+   -- Expand the signature algorithm set used by CMS [RFC5912]
    --
 
    SignatureAlgorithmSet SIGNATURE-ALGORITHM ::= {

index.html

@@ -30,7 +30,7 @@ <h2>Preview for branch <a href="dvg/my_original_review">dvg/my_original_review</
       <tr>
         <td><a href="dvg/my_original_review/draft-ietf-lamps-cms-ml-dsa.html" class="html draft-ietf-lamps-cms-ml-dsa" title="Use of the ML-DSA Signature Algorithm in the Cryptographic Message Syntax (CMS) (HTML)">ML-DSA in CMS</a></td>
         <td><a href="dvg/my_original_review/draft-ietf-lamps-cms-ml-dsa.txt" class="txt draft-ietf-lamps-cms-ml-dsa" title="Use of the ML-DSA Signature Algorithm in the Cryptographic Message Syntax (CMS) (Text)">plain text</a></td>
-        <td>same as main</td>
+        <td><a href="https://author-tools.ietf.org/api/iddiff?url_1=https://lamps-wg.github.io/cms-ml-dsa/draft-ietf-lamps-cms-ml-dsa.txt&amp;url_2=https://lamps-wg.github.io/cms-ml-dsa/dvg/my_original_review/draft-ietf-lamps-cms-ml-dsa.txt" class="diff draft-ietf-lamps-cms-ml-dsa">diff with main</a></td>
       </tr>
     </table>
     <script>