Merge pull request #107 from lamps-wg/98-problems-with-the-use-in-cms…

…-underlying-components-section Adds rationale for use of SHA512 with MLDSA-44 in CMS section.
lamps-wg · Jan 29, 2025 · 0206e33 · 0206e33
2 parents 6d0a5b8 + 64aed9d
commit 0206e33
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/draft-ietf-lamps-pq-composite-sigs.md b/draft-ietf-lamps-pq-composite-sigs.md
@@ -1218,7 +1218,7 @@ where:
 
 # Use in CMS
 
-\[EDNOTE: The convention in LAMPS is to specify algorithms and their CMS conventions in separate documents. Here we have presented them in the same document, but this section has been written so that it can easily be moved to a standalone document.\]
+\[EDNOTE: The convention in LAMPS is to specify algorithms and their CMS conventions in separate documents. Here we have presented them in the same document, but this section has been written so that it can easily be moved to a stand-alone document.\]
 
 Composite Signature algorithms MAY be employed for one or more recipients in the CMS signed-data content type [RFC5652].
 
@@ -1251,6 +1251,8 @@ where:
 
 * SHA2 instantiations are defined in [FIPS180].
 
+Note: The rationale for using SHA512 with id-MLDSA44-Ed25519 is that Section 5.1 in [RFC8032] explicitly defines SHA512 as hash algorithm for Ed25519.
+
 Note:  The Hash ML-DSA Composite identifiers are not included in this list because the message content is already digested before being passed to the Composite-ML-DSA.Sign() function.
 
 ## SignedData Conventions