@techreport{ietf-lamps-pq-composite-sigs-19,
    number =    {draft-ietf-lamps-pq-composite-sigs-19},
    type =      {Internet-Draft},
    institution =   {Internet Engineering Task Force},
    publisher = {Internet Engineering Task Force},
    note =      {Work in Progress},
    url =       {https://datatracker.ietf.org/doc/draft-ietf-lamps-pq-composite-sigs/19/},
    author =    {Mike Ounsworth and John Gray and Massimiliano Pala and Jan Klaußner and Scott Fluhrer},
    title =     {{Composite Module-Lattice-Based Digital Signature Algorithm (ML-DSA) for use in X.509 Public Key Infrastructure}},
    pagetotal = 234,
    year =      2026,
    month =     apr,
    day =       21,
    abstract =  {This document defines combinations of US NIST Module-Lattice-Based Digital Signature Algorithm (ML-DSA) in hybrid with traditional algorithms RSASSA-PKCS1-v1.5, RSASSA-PSS, ECDSA, Ed25519, and Ed448. These combinations are tailored to meet regulatory guidelines in certain regions. Composite ML-DSA is applicable in applications that use X.509 or PKIX data structures that accept ML-DSA, but where the operator wants extra protection against breaks or catastrophic bugs in ML-DSA, and where existential unforgeability (EUF-CMA) level security is acceptable.},
}