Technical Summary
The advent of quantum computing poses a significant threat to current
cryptographic systems. Traditional cryptographic signature
algorithms such as RSA, DSA and their elliptic curve variants are
vulnerable to quantum attacks. During the transition to post-quantum
cryptography (PQC), there is considerable uncertainty regarding the
robustness of both existing and new cryptographic algorithms. While
we can no longer fully trust traditional cryptography, we also cannot
immediately place complete trust in post-quantum replacements until
they have undergone extensive scrutiny and real-world testing to
uncover and rectify both algorithmic weaknesses and
implementation flaws across all the new implementations.
This document defines combinations of ML-DSA [FIPS.204] in hybrid
with traditional algorithms RSASSA-PKCS1-v1.5, RSASSA-PSS, ECDSA,
Ed25519, and Ed448. These combinations are tailored to meet
regulatory guidelines. Composite ML-DSA is applicable in
applications that use X.509 or PKIX data structures that accept
ML-DSA, but where the operator wants extra protection against breaks or
catastrophic bugs in ML-DSA, and where EUF-CMA-level security is
acceptable.
Working Group Summary
There was a lot of debate, and many people asked for fewer combinations, but
in the end there were people who wanted each of the combinations that are
specified.
There is one IPR disclosure: https://datatracker.ietf.org/ipr/4761/
Document Quality
There are no YANG modules, MIBs, or media types.
ASN.1 is used. Once placeholder values are inserted for the module
identifier and the algorithm identifiers that will be assigned by IANA,
the ASN.1 module compiles without error.
There are downrefs to [RFC5915] and [RFC5639]. The IESG is asked to call
out these downrefs in the IETF Last Call, and then add them to the downref
registry.
Personnel
The Document Shepherd for this document is Russ Housley. The Responsible
Area Director is Deb Cooley.
IANA Note
(Insert IANA Note here or remove section)