synced sections 5.4
ounsworth committed Oct 21, 2024
1 parent d8549de commit d78f48b
Showing 1 changed file with 11 additions and 5 deletions.
16 changes: 11 additions & 5 deletions draft-ietf-lamps-pq-composite-kem.md
Expand Up @@ -818,11 +818,17 @@ In the interests of simplicity and avoiding compatibility issues, implementation

## Key Usage Bits

For protocols such as X.509 [RFC5280] that specify key usage along with the public key, then the composite public key associated with a Composite ML-KEM algorithm MUST contain only a `keyEncipherment` key usage, all other key usages MUST NOT be used.
This is because the composite public key can only be used in situations
that are appropriate for both component algorithms, so even if the
classical component key supports both signing and encryption,
the post-quantum algorithms do not.
When any of the Composite ML-KEM `AlgorithmIdentifier` appears in the `SubjectPublicKeyInfo` field of an X.509 certificate [RFC5280], the key usage certificate extension MUST only contain

~~~
keyEncipherment
~~~

Composite ML-KEM keys MUST NOT be used in a "dual usage" mode because even if the
traditional component key supports both signing and encryption,
the post-quantum algorithms do not and therefore the overall composite algorithm does not.




# Composite ML-KEM Structures
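
Review bot: In the new first sentence, "the key usage certificate extension MUST only contain" keyEncipherment does not say whether the extension has to be present, or whether keyEncipherment has to be asserted when it is, so a certificate with no key usage extension at all could be read as conforming. Suggest stating the presence requirement explicitly, for example "the key usage certificate extension, if present, MUST contain only keyEncipherment", or requiring the extension outright if that is the intent. The removed text also covered any protocol that specifies key usage along with the public key, while the replacement covers only X.509 certificates; if that narrowing is not intended, keep a general sentence. Two smaller points: "any of the Composite ML-KEM `AlgorithmIdentifier` appears" has a number mismatch and should read "any Composite ML-KEM `AlgorithmIdentifier` appears", and "dual usage" carries a MUST NOT without being defined, so spell out that it means using the same key for both signing and encryption.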