Skip to main content

Internet X.509 Public Key Infrastructure: Algorithm Identifiers for SLH-DSA
draft-ietf-lamps-x509-slhdsa-02

Document Type Active Internet-Draft (lamps WG)
Authors Kaveh Bashiri , Scott Fluhrer , Stefan-Lukas Gazdag , Daniel Van Geest , Stavros Kousidis
Last updated 2024-10-14
Replaces draft-gazdag-x509-slhdsa
RFC stream Internet Engineering Task Force (IETF)
Intended RFC status Proposed Standard
Formats
Additional resources Mailing list discussion
Stream WG state In WG Last Call
Document shepherd Russ Housley
IESG IESG state I-D Exists
Consensus boilerplate Yes
Telechat date (None)
Responsible AD (None)
Send notices to housley@vigilsec.com
draft-ietf-lamps-x509-slhdsa-02
LAMPS - Limited Additional Mechanisms for PKIX and SMIME      K. Bashiri
Internet-Draft                                                       BSI
Intended status: Standards Track                              S. Fluhrer
Expires: 17 April 2025                                     Cisco Systems
                                                               S. Gazdag
                                                              genua GmbH
                                                            D. Van Geest
                                                     CryptoNext Security
                                                             S. Kousidis
                                                                     BSI
                                                         14 October 2024

Internet X.509 Public Key Infrastructure: Algorithm Identifiers for SLH-
                                  DSA
                    draft-ietf-lamps-x509-slhdsa-02

Abstract

   Digital signatures are used within X.509 Public Key Infrastructure
   such as X.509 certificates, Certificate Revocation Lists (CRLs), and
   to sign messages.  This document describes the conventions for using
   the Stateless Hash-Based Digital Signature Standard (SLH-DSA) in
   X.509 Public Key Infrastructure.  The conventions for the associated
   signatures, subject public keys, and private keys are also described.

About This Document

   This note is to be removed before publishing as an RFC.

   Status information for this document may be found at
   https://datatracker.ietf.org/doc/draft-ietf-lamps-x509-slhdsa/.

   Discussion of this document takes place on the LAMPS Working Group
   mailing list (mailto:spasm@ietf.org), which is archived at
   https://mailarchive.ietf.org/arch/browse/spasm/.  Subscribe at
   https://www.ietf.org/mailman/listinfo/spasm/.

   Source for this draft and an issue tracker can be found at
   https://github.com/x509-hbs/draft-x509-slhdsa.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

Bashiri, et al.           Expires 17 April 2025                 [Page 1]
Internet-Draft              SLH-DSA for X.509               October 2024

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 17 April 2025.

Copyright Notice

   Copyright (c) 2024 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (https://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Revised BSD License text as
   described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Revised BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
   2.  Conventions and Definitions . . . . . . . . . . . . . . . . .   3
   3.  Algorithm Identifiers . . . . . . . . . . . . . . . . . . . .   3
   4.  SLH-DSA Signatures  . . . . . . . . . . . . . . . . . . . . .   5
   5.  Subject Public Key Fields . . . . . . . . . . . . . . . . . .   5
   6.  Key Usage Bits  . . . . . . . . . . . . . . . . . . . . . . .   8
   7.  Private Key Format  . . . . . . . . . . . . . . . . . . . . .   9
   8.  Security Considerations . . . . . . . . . . . . . . . . . . .  10
   9.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  10
   10. References  . . . . . . . . . . . . . . . . . . . . . . . . .  10
     10.1.  Normative References . . . . . . . . . . . . . . . . . .  10
     10.2.  Informative References . . . . . . . . . . . . . . . . .  11
   Appendix A.  ASN.1 Module . . . . . . . . . . . . . . . . . . . .  13
   Appendix B.  Security Strengths . . . . . . . . . . . . . . . . .  14
   Appendix C.  Examples . . . . . . . . . . . . . . . . . . . . . .  15
     C.1.  Example Public Key  . . . . . . . . . . . . . . . . . . .  15
     C.2.  Example Private Key . . . . . . . . . . . . . . . . . . .  16
     C.3.  Example Certificate . . . . . . . . . . . . . . . . . . .  16
   Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . .  30
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  30

Bashiri, et al.           Expires 17 April 2025                 [Page 2]
Internet-Draft              SLH-DSA for X.509               October 2024

1.  Introduction

   Stateless Hash-Based Digital Signatures (SLH-DSA) is a quantum-
   resistant digital signature scheme standardized in [FIPS205] by the
   US National Institute of Standards and Technology (NIST) PQC project
   [NIST-PQC].  Prior to standardization, the algorithm was known as
   SPHINCS+. SLH-DSA and SPHINCS+ are not compatible.  This document
   defines the ASN.1 Object Identifiers (OIDs) and conventions for the
   encoding of SLH-DSA digital signatures, public keys and private keys
   in the X.509 Public Key Infrastructure.

   SLH-DSA offers three security levels.  The parameters for each of the
   security levels were chosen to be at least as secure as a generic
   block cipher of 128, 192, or 256 bits.  There are small (s) and fast
   (f) versions of the algorithm, and the option to use SHA-256
   [FIPS180] or SHAKE256 [FIPS202] as internal hash functions.  The fast
   versions are optimized for key generation and signing speed, they are
   actually slower at verification than the small parameter sets.  For
   example, id-slh-dsa-shake-256s represents the 256-bit security level,
   the small version of the algorithm, and the use of SHAKE256.

   Separate algorithm identifiers have been assigned for SLH-DSA at each
   of these security levels, fast vs small, and SHA-256 vs SHAKE256.

   SLH-DSA offers two signature modes: pure mode and predigest mode.
   SLH-DSA signature operations include a context string as input.  The
   context string has a maximum length of 255 bytes.  By default, the
   context string is the empty string.  This document only specifies the
   use of pure mode with an empty context string for use in the X.509
   Public Key Infrastructure.

2.  Conventions and Definitions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

3.  Algorithm Identifiers

   The AlgorithmIdentifier type, which is included herein for
   convenience, is defined as follows:

Bashiri, et al.           Expires 17 April 2025                 [Page 3]
Internet-Draft              SLH-DSA for X.509               October 2024

   AlgorithmIdentifier{ALGORITHM-TYPE, ALGORITHM-TYPE:AlgorithmSet} ::=
           SEQUENCE {
               algorithm   ALGORITHM-TYPE.&id({AlgorithmSet}),
               parameters  ALGORITHM-TYPE.
                      &Params({AlgorithmSet}{@algorithm}) OPTIONAL
           }

   The above syntax is from [RFC5912] and is compatible with the 2021
   ASN.1 syntax [X680].  See [RFC5280] for the 1988 ASN.1 syntax.

   The fields in AlgorithmIdentifier have the following meanings:

   *  algorithm identifies the cryptographic algorithm with an object
      identifier.

   *  parameters, which are optional, are the associated parameters for
      the algorithm identifier in the algorithm field.

   The SLH-DSA OIDs are:

      nistAlgorithms OBJECT IDENTIFIER ::= { joint-iso-itu-t(2)
        country(16) us(840) organization(1) gov(101) csor(3) 4 }

      sigAlgs OBJECT IDENTIFIER ::= { nistAlgorithms 3 }

      id-slh-dsa-sha2-128s OBJECT IDENTIFIER ::= { sigAlgs 20 }

      id-slh-dsa-sha2-128f OBJECT IDENTIFIER ::= { sigAlgs 21 }

      id-slh-dsa-sha2-192s OBJECT IDENTIFIER ::= { sigAlgs 22 }

      id-slh-dsa-sha2-192f OBJECT IDENTIFIER ::= { sigAlgs 23 }

      id-slh-dsa-sha2-256s OBJECT IDENTIFIER ::= { sigAlgs 24 }

      id-slh-dsa-sha2-256f OBJECT IDENTIFIER ::= { sigAlgs 25 }

      id-slh-dsa-shake-128s OBJECT IDENTIFIER ::= { sigAlgs 26 }

      id-slh-dsa-shake-128f OBJECT IDENTIFIER ::= { sigAlgs 27 }

      id-slh-dsa-shake-192s OBJECT IDENTIFIER ::= { sigAlgs 28 }

      id-slh-dsa-shake-192f OBJECT IDENTIFIER ::= { sigAlgs 29 }

      id-slh-dsa-shake-256s OBJECT IDENTIFIER ::= { sigAlgs 30 }

      id-slh-dsa-shake-256f OBJECT IDENTIFIER ::= { sigAlgs 31 }

Bashiri, et al.           Expires 17 April 2025                 [Page 4]
Internet-Draft              SLH-DSA for X.509               October 2024

   The contents of the parameters component for each algorithm are
   absent.

4.  SLH-DSA Signatures

   SLH-DSA is a digital signature scheme built upon hash functions.  The
   security of SLH-DSA relies on the presumed difficulty of finding
   preimages for hash functions as well as several related properties of
   the same hash functions.

   Signatures can be placed in a number of different ASN.1 structures.
   The top level structure for a certificate is given below as being
   illustrative of how signatures are frequently encoded with an
   algorithm identifier and a location for the signature.

      Certificate  ::=  SEQUENCE  {
         tbsCertificate       TBSCertificate,
         signatureAlgorithm   AlgorithmIdentifier,
         signatureValue       BIT STRING }

   The same algorithm identifiers are used for signatures as are used
   for public keys.  When used to identify signature algorithms, the
   parameters MUST be absent.

   The data to be signed is prepared for SLH-DSA.  Then, a private key
   operation is performed to generate the raw signature value.

   Section 9.2 of [FIPS205] defines an SLH-DSA signature as three
   elements, R, SIG_FORS and SIG_HT.  The raw octet string encoding of
   an SLH-DSA public key is the concatenation of these three elements,
   i.e. R || SIG_FORS || SIG_HT.  The raw octet string representing the
   signature is encoded directly in the BIT STRING without adding any
   additional ASN.1 wrapping.  For example, in the Certificate
   structure, the raw signature value is encoded in the "signatureValue"
   BIT STRING field.

5.  Subject Public Key Fields

   In the X.509 certificate, the subjectPublicKeyInfo field has the
   SubjectPublicKeyInfo type, which has the following ASN.1 syntax:

      SubjectPublicKeyInfo  ::=  SEQUENCE  {
         algorithm         AlgorithmIdentifier,
         subjectPublicKey  BIT STRING }

   The fields in SubjectPublicKeyInfo have the following meanings:

Bashiri, et al.           Expires 17 April 2025                 [Page 5]
Internet-Draft              SLH-DSA for X.509               October 2024

   *  algorithm is the algorithm identifier and parameters for the
      public key (see above).

   *  subjectPublicKey contains the byte stream of the public key.

   [I-D.draft-ietf-lamps-cms-sphincs-plus] defines the following public
   key identifiers for SLH-DSA:

      pk-slh-dsa-sha2-128s PUBLIC-KEY ::= {
         IDENTIFIER id-slh-dsa-sha2-128s
         -- KEY no ASN.1 wrapping --
         CERT-KEY-USAGE
            { digitalSignature, nonRepudiation, keyCertSign, cRLSign }
         -- PRIVATE-KEY no ASN.1 wrapping -- }

      pk-slh-dsa-sha2-128f PUBLIC-KEY ::= {
         IDENTIFIER id-slh-dsa-sha2-128f
         -- KEY no ASN.1 wrapping --
         CERT-KEY-USAGE
            { digitalSignature, nonRepudiation, keyCertSign, cRLSign }
         -- PRIVATE-KEY no ASN.1 wrapping -- }

      pk-slh-dsa-sha2-192s PUBLIC-KEY ::= {
         IDENTIFIER id-slh-dsa-sha2-192s
         -- KEY no ASN.1 wrapping --
         CERT-KEY-USAGE
            { digitalSignature, nonRepudiation, keyCertSign, cRLSign }
         -- PRIVATE-KEY no ASN.1 wrapping -- }

      pk-slh-dsa-sha2-192f PUBLIC-KEY ::= {
         IDENTIFIER id-slh-dsa-sha2-192f
         -- KEY no ASN.1 wrapping --
         CERT-KEY-USAGE
            { digitalSignature, nonRepudiation, keyCertSign, cRLSign }
         -- PRIVATE-KEY no ASN.1 wrapping -- }

      pk-slh-dsa-sha2-256s PUBLIC-KEY ::= {
         IDENTIFIER id-slh-dsa-sha2-256s
         -- KEY no ASN.1 wrapping --
         CERT-KEY-USAGE
            { digitalSignature, nonRepudiation, keyCertSign, cRLSign }
         -- PRIVATE-KEY no ASN.1 wrapping -- }

      pk-slh-dsa-sha2-256f PUBLIC-KEY ::= {
         IDENTIFIER id-slh-dsa-sha2-256f
         -- KEY no ASN.1 wrapping --
         CERT-KEY-USAGE
            { digitalSignature, nonRepudiation, keyCertSign, cRLSign }

Bashiri, et al.           Expires 17 April 2025                 [Page 6]
Internet-Draft              SLH-DSA for X.509               October 2024

         -- PRIVATE-KEY no ASN.1 wrapping -- }

      pk-slh-dsa-shake-128s PUBLIC-KEY ::= {
         IDENTIFIER id-slh-dsa-shake-128s
         -- KEY no ASN.1 wrapping --
         CERT-KEY-USAGE
            { digitalSignature, nonRepudiation, keyCertSign, cRLSign }
         -- PRIVATE-KEY no ASN.1 wrapping -- }

      pk-slh-dsa-shake-128f PUBLIC-KEY ::= {
         IDENTIFIER id-slh-dsa-shake-128f
         -- KEY no ASN.1 wrapping --
         CERT-KEY-USAGE
            { digitalSignature, nonRepudiation, keyCertSign, cRLSign }
         -- PRIVATE-KEY no ASN.1 wrapping -- }

      pk-slh-dsa-shake-192s PUBLIC-KEY ::= {
         IDENTIFIER id-slh-dsa-shake-192s
         -- KEY no ASN.1 wrapping --
         CERT-KEY-USAGE
            { digitalSignature, nonRepudiation, keyCertSign, cRLSign }
         -- PRIVATE-KEY no ASN.1 wrapping -- }

      pk-slh-dsa-shake-192f PUBLIC-KEY ::= {
         IDENTIFIER id-slh-dsa-shake-192f
         -- KEY no ASN.1 wrapping --
         CERT-KEY-USAGE
            { digitalSignature, nonRepudiation, keyCertSign, cRLSign }
         -- PRIVATE-KEY no ASN.1 wrapping -- }

      pk-slh-dsa-shake-256s PUBLIC-KEY ::= {
         IDENTIFIER id-slh-dsa-shake-256s
         -- KEY no ASN.1 wrapping --
         CERT-KEY-USAGE
            { digitalSignature, nonRepudiation, keyCertSign, cRLSign }
         -- PRIVATE-KEY no ASN.1 wrapping -- }

      pk-slh-dsa-shake-256f PUBLIC-KEY ::= {
         IDENTIFIER id-slh-dsa-shake-256f
         -- KEY no ASN.1 wrapping --
         CERT-KEY-USAGE
            { digitalSignature, nonRepudiation, keyCertSign, cRLSign }
         -- PRIVATE-KEY no ASN.1 wrapping -- }

      SLH-DSA-PublicKey ::= OCTET STRING

Bashiri, et al.           Expires 17 April 2025                 [Page 7]
Internet-Draft              SLH-DSA for X.509               October 2024

   Section 9.1 of [FIPS205] defines an SLH-DSA public key as two n-byte
   elements, PK.seed and PK.root.  The raw octet string encoding of an
   SLH-DSA public key is the concatenation of these two elements, i.e.
   PK.seed || PK.root.  The octet string length is 2*n bytes, where n is
   16, 24, or 32, depending on the parameter set.  When used in a
   SubjectPublicKeyInfo type, the subjectPublicKey BIT STRING contains
   the raw octet string encoding of the public key.

   [I-D.draft-ietf-lamps-cms-sphincs-plus] defines the SLH-DSA-PublicKey
   ASN.1 OCTET STRING type to provide an option for encoding a public
   key in an environment that uses ASN.1 encoding but doesn't define its
   own mapping of an SLH-DSA raw octet string to ASN.1.  To map an SLH-
   DSA-PublicKey OCTET STRING to a SubjectPublicKeyInfo, the OCTET
   STRING is mapped to the subjectPublicKey field (a value of type BIT
   STRING) as follows: the most significant bit of the OCTET STRING
   value becomes the most significant bit of the BIT STRING value, and
   so on; the least significant bit of the OCTET STRING becomes the
   least significant bit of the BIT STRING.

   The id-slh-dsa-* identifiers in Section 3 MUST be used as the
   algorithm field in the SubjectPublicKeyInfo sequence [RFC5280] to
   identify a SLH-DSA public key.

   Appendix C.1 contains an example of an id-slh-dsa-sha2-128s public
   key encoded using the textual encoding defined in [RFC7468].

6.  Key Usage Bits

   The intended application for the key is indicated in the keyUsage
   certificate extension; see Section 4.2.1.3 of [RFC5280].  If the
   keyUsage extension is present in a certificate that indicates an id-
   slh-dsa-* identifier in the SubjectPublicKeyInfo, then the at least
   one of following MUST be present:

       digitalSignature; or
       nonRepudiation; or
       keyCertSign; or
       cRLSign.

   If the keyUsage extension is present in a certificate that indicates
   an id-slh-dsa-* identifier in the SubjectPublicKeyInfo, then the
   following MUST NOT be present:

       keyEncipherment; or
       dataEncipherment; or
       keyAgreement; or
       encipherOnly; or
       decipherOnly.

Bashiri, et al.           Expires 17 April 2025                 [Page 8]
Internet-Draft              SLH-DSA for X.509               October 2024

   Requirements about the keyUsage extension bits defined in [RFC5280]
   still apply.

7.  Private Key Format

   "Asymmetric Key Packages" [RFC5958] describes how to encode a private
   key in a structure that both identifies what algorithm the private
   key is for and optionally allows for the public key and additional
   attributes about the key to be included as well.  For illustration,
   the ASN.1 structure OneAsymmetricKey is replicated below.

      OneAsymmetricKey ::= SEQUENCE {
         version Version,
         privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
         privateKey PrivateKey,
         attributes [0] IMPLICIT Attributes OPTIONAL,
         ...,
         [[2: publicKey [1] IMPLICIT PublicKey OPTIONAL ]],
         ...
      }

      PrivateKey ::= OCTET STRING

      PublicKey ::= BIT STRING

   Section 9.1 of [FIPS205] defines an SLH-DSA private key as four
   n-byte elements, SK.seed, SK.prf, PK.seed and PK.root.  The raw octet
   string encoding of an SLH-DSA private key is the concatenation of
   these four elements, i.e. SK.seed || SK.prf || PK.seed || PK.root.
   The octet string length is 4*n bytes, where n is 16, 24, or 32,
   depending on the parameter set.  When used in a OneAsymmetricKey
   type, the privateKey OCTET STRING contains the raw octet string
   encoding of the private key.

   When an SLH-DSA public key is included in a OneAsymmetricKey type, it
   is encoded in the same manner as in a SubjectPublicKeyInfo type.
   That is, the publicKey BIT STRING contains the raw octet string
   encoding of the public key.

   Appendix C.2 contains an example of an id-slh-dsa-sha2-128s private
   key encoded using the textual encoding defined in [RFC7468].

   NOTE: There exist some private key import functions that have not
   picked up the new ASN.1 structure OneAsymmetricKey that is defined in
   [RFC5958].  This means that they will not accept a private key
   structure that contains the public key field.  This means a balancing
   act needs to be done between being able to do a consistency check on
   the key pair and widest ability to import the key.

Bashiri, et al.           Expires 17 April 2025                 [Page 9]
Internet-Draft              SLH-DSA for X.509               October 2024

8.  Security Considerations

   The security considerations of [RFC5280] apply accordingly.

   Implementations MUST protect the private keys.  Compromise of the
   private keys may result in the ability to forge signatures.

   When generating an SLH-DSA key pair, an implementation MUST generate
   each key pair independently of all other key pairs in the SLH-DSA
   hypertree.

   A SLH-DSA tree MUST NOT be used for more than 2^64 signing
   operations.

   The generation of private keys relies on random numbers.  The use of
   inadequate pseudo-random number generators (PRNGs) to generate these
   values can result in little or no security.  An attacker may find it
   much easier to reproduce the PRNG environment that produced the keys,
   searching the resulting small set of possibilities, rather than brute
   force searching the whole key space.  The generation of quality
   random numbers is difficult, and [RFC4086] offers important guidance
   in this area.

   When computing signatures, implementations SHOULD include protections
   against fault injection attacks [CMP2018],[SLotH].  Protections
   against these attacks include signature verification prior to
   releasing the signature value to confirm that no error injected and
   generating the signature a few times to confirm that the same
   signature value is produced each time.

9.  IANA Considerations

   For the ASN.1 Module in the Appendix of this document, IANA is
   requested to assign an object identifier (OID) for the module
   identifier (TBD1) with a Description of "id-mod-x509-slh-dsa-2024".
   The OID for the module should be allocated in the "SMI Security for
   PKIX Module Identifier" registry (1.3.6.1.5.5.7.0).

10.  References

10.1.  Normative References

   [FIPS205]  National Institute of Standards and Technology (NIST),
              "Stateless Hash-Based Digital Signature Standard", FIPS
              PUB 205 , 13 August 2024,
              <https://doi.org/10.6028/NIST.FIPS.205>.

Bashiri, et al.           Expires 17 April 2025                [Page 10]
Internet-Draft              SLH-DSA for X.509               October 2024

   [I-D.draft-ietf-lamps-cms-sphincs-plus]
              Housley, R., Fluhrer, S., Kampanakis, P., and B.
              Westerbaan, "Use of the SLH-DSA Signature Algorithm in the
              Cryptographic Message Syntax (CMS)", Work in Progress,
              Internet-Draft, draft-ietf-lamps-cms-sphincs-plus-09, 21
              August 2024, <https://datatracker.ietf.org/doc/html/draft-
              ietf-lamps-cms-sphincs-plus-09>.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/rfc/rfc2119>.

   [RFC5280]  Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
              Housley, R., and W. Polk, "Internet X.509 Public Key
              Infrastructure Certificate and Certificate Revocation List
              (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008,
              <https://www.rfc-editor.org/rfc/rfc5280>.

   [RFC5958]  Turner, S., "Asymmetric Key Packages", RFC 5958,
              DOI 10.17487/RFC5958, August 2010,
              <https://www.rfc-editor.org/rfc/rfc5958>.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017, <https://www.rfc-editor.org/rfc/rfc8174>.

10.2.  Informative References

   [CMP2018]  Castelnovi, L., A, Martinelli, and T. Prest, "Grafting
              Trees: A Fault Attack Against the SPHINCS Framework",
              Lecture Notes in Computer Science vol 10786,
              PQCrypto 2018, Post-Quantum Cryptography pp. 165-184,
              2018, <https://link.springer.com/
              chapter/10.1007/978-3-319-79063-3_8>.

   [FIPS180]  Dang, Q. H. and NIST, "Secure Hash Standard", NIST Federal
              Information Processing Standards Publications 180-4,
              DOI 10.6028/NIST.FIPS.180-4, July 2015,
              <https://nvlpubs.nist.gov/nistpubs/FIPS/
              NIST.FIPS.180-4.pdf>.

   [FIPS202]  Dworkin, M., Dworkin, M. J., and NIST, "SHA-3 Standard:
              Permutation-Based Hash and Extendable-Output Functions",
              FIPS PUB 202, NIST Federal Information Processing
              Standards Publications 202, DOI 10.6028/nist.fips.202,
              DOI 10.6028/NIST.FIPS.202, August 2015,
              <http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf>.

Bashiri, et al.           Expires 17 April 2025                [Page 11]
Internet-Draft              SLH-DSA for X.509               October 2024

   [I-D.ietf-lamps-dilithium-certificates]
              Massimo, J., Kampanakis, P., Turner, S., and B.
              Westerbaan, "Internet X.509 Public Key Infrastructure:
              Algorithm Identifiers for ML-DSA", Work in Progress,
              Internet-Draft, draft-ietf-lamps-dilithium-certificates-
              04, 22 July 2024, <https://datatracker.ietf.org/doc/html/
              draft-ietf-lamps-dilithium-certificates-04>.

   [NIST-PQC] National Institute of Standards and Technology, "Post-
              Quantum Cryptography Project", 20 December 2016,
              <https://csrc.nist.gov/projects/post-quantum-
              cryptography>.

   [RFC4086]  Eastlake 3rd, D., Schiller, J., and S. Crocker,
              "Randomness Requirements for Security", BCP 106, RFC 4086,
              DOI 10.17487/RFC4086, June 2005,
              <https://www.rfc-editor.org/rfc/rfc4086>.

   [RFC5912]  Hoffman, P. and J. Schaad, "New ASN.1 Modules for the
              Public Key Infrastructure Using X.509 (PKIX)", RFC 5912,
              DOI 10.17487/RFC5912, June 2010,
              <https://www.rfc-editor.org/rfc/rfc5912>.

   [RFC7468]  Josefsson, S. and S. Leonard, "Textual Encodings of PKIX,
              PKCS, and CMS Structures", RFC 7468, DOI 10.17487/RFC7468,
              April 2015, <https://www.rfc-editor.org/rfc/rfc7468>.

   [RFC8410]  Josefsson, S. and J. Schaad, "Algorithm Identifiers for
              Ed25519, Ed448, X25519, and X448 for Use in the Internet
              X.509 Public Key Infrastructure", RFC 8410,
              DOI 10.17487/RFC8410, August 2018,
              <https://www.rfc-editor.org/rfc/rfc8410>.

   [RFC8411]  Schaad, J. and R. Andrews, "IANA Registration for the
              Cryptographic Algorithm Object Identifier Range",
              RFC 8411, DOI 10.17487/RFC8411, August 2018,
              <https://www.rfc-editor.org/rfc/rfc8411>.

   [SLotH]    Saarinen, M-J., "Accelerating SLH-DSA by Two Orders of
              Magnitude with a Single Hash Unit", 2024,
              <https://eprint.iacr.org/2024/367.pdf>.

   [X680]     ITU-T, "Information Technology - Abstract Syntax Notation
              One (ASN.1): Specification of basic notation. ITU-T
              Recommendation X.680 (2021) | ISO/IEC 8824-1:2021.",
              February 2021, <https://www.itu.int/rec/T-REC-X.680>.

Bashiri, et al.           Expires 17 April 2025                [Page 12]
Internet-Draft              SLH-DSA for X.509               October 2024

Appendix A.  ASN.1 Module

   RFC EDITOR: Please replace TBD2 with the value assigned by IANA
   during the publication of [I-D.draft-ietf-lamps-cms-sphincs-plus].

   <CODE BEGINS>
   X509-SLH-DSA-Module-2024
     { iso(1) identified-organization(3) dod(6) internet(1) security(5)
       mechanisms(5) pkix(7) id-mod(0) id-mod-x509-slh-dsa-2024(TBD1) }

   DEFINITIONS IMPLICIT TAGS ::= BEGIN

   EXPORTS ALL;

   IMPORTS
     PUBLIC-KEY, SIGNATURE-ALGORITHM
       FROM AlgorithmInformation-2009  -- in [RFC5912]
       { iso(1) identified-organization(3) dod(6) internet(1)
         security(5) mechanisms(5) pkix(7) id-mod(0)
         id-mod-algorithmInformation-02(58) }

     pk-slh-dsa-sha2-128s, pk-slh-dsa-sha2-128f,
     pk-slh-dsa-sha2-192s, pk-slh-dsa-sha2-192f,
     pk-slh-dsa-sha2-256s, pk-slh-dsa-sha2-256f,
     pk-slh-dsa-shake-128s, pk-slh-dsa-shake-128f,
     pk-slh-dsa-shake-192s, pk-slh-dsa-shake-192f,
     pk-slh-dsa-shake-256s, pk-slh-dsa-shake-256f,
     sa-slh-dsa-sha2-128s, sa-slh-dsa-sha2-128f,
     sa-slh-dsa-sha2-192s, sa-slh-dsa-sha2-192f,
     sa-slh-dsa-sha2-256s, sa-slh-dsa-sha2-256f,
     sa-slh-dsa-shake-128s, sa-slh-dsa-shake-128f,
     sa-slh-dsa-shake-192s, sa-slh-dsa-shake-192f,
     sa-slh-dsa-shake-256s, sa-slh-dsa-shake-256f
       FROM SLH-DSA-Module-2024  -- in [I-D.draft-ietf-lamps-cms-sphincs-plus]
       { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
         id-smime(16) id-mod(0) id-mod-slh-dsa-2024(TBD2) } ;

   --
   -- Expand SignatureAlgorithms from RFC 5912
   --
   SignatureAlgorithms SIGNATURE-ALGORITHM ::= {
      sa-slh-dsa-sha2-128s |
      sa-slh-dsa-sha2-128f |
      sa-slh-dsa-sha2-192s |
      sa-slh-dsa-sha2-192f |
      sa-slh-dsa-sha2-256s |
      sa-slh-dsa-sha2-256f |
      sa-slh-dsa-shake-128s |

Bashiri, et al.           Expires 17 April 2025                [Page 13]
Internet-Draft              SLH-DSA for X.509               October 2024

      sa-slh-dsa-shake-128f |
      sa-slh-dsa-shake-192s |
      sa-slh-dsa-shake-192f |
      sa-slh-dsa-shake-256s |
      sa-slh-dsa-shake-256f,
      ... }

   --
   -- Expand PublicKeyAlgorithms from RFC 5912
   --
   PublicKeyAlgorithms PUBLIC-KEY ::= {
      pk-slh-dsa-sha2-128s |
      pk-slh-dsa-sha2-128f |
      pk-slh-dsa-sha2-192s |
      pk-slh-dsa-sha2-192f |
      pk-slh-dsa-sha2-256s |
      pk-slh-dsa-sha2-256f |
      pk-slh-dsa-shake-128s |
      pk-slh-dsa-shake-128f |
      pk-slh-dsa-shake-192s |
      pk-slh-dsa-shake-192f |
      pk-slh-dsa-shake-256s |
      pk-slh-dsa-shake-256f,
      ... }

   END
   <CODE ENDS>

Appendix B.  Security Strengths

   Instead of defining the strength of a quantum algorithm in a
   traditional manner using precise estimates of the number of bits of
   security, NIST has instead elected to define a collection of broad
   security strength categories.  Each category is defined by a
   comparatively easy-to-analyze reference primitive that cover a range
   of security strengths offered by existing NIST standards in symmetric
   cryptography, which NIST expects to offer significant resistance to
   quantum cryptanalysis.  These categories describe any attack that
   breaks the relevant security definition that must require
   computational resources comparable to or greater than those required
   for: Level 1 - key search on a block cipher with a 128-bit key (e.g.,
   AES128), Level 2 - collision search on a 256-bit hash function (e.g.,
   SHA256/ SHA3-256), Level 3 - key search on a block cipher with a
   192-bit key (e.g., AES192), Level 4 - collision search on a 384-bit
   hash function (e.g.  SHA384/SHA3-384), Level 5 - key search on a
   block cipher with a 256-bit key (e.g., AES 256).

Bashiri, et al.           Expires 17 April 2025                [Page 14]
Internet-Draft              SLH-DSA for X.509               October 2024

   The parameter sets defined for NIST security levels 1, 3 and 5 are
   listed in Table 1, along with the resulting signature size, public
   key, and private key sizes in bytes.

     +=======================+============+=======+==========+=======+
     | OID                   | NIST Level | Sig.  | Pub. Key | Priv. |
     |                       |            |       |          | Key   |
     +=======================+============+=======+==========+=======+
     | id-slh-dsa-sha2-128s  | 1          | 7856  | 32       | 64    |
     +-----------------------+------------+-------+----------+-------+
     | id-slh-dsa-sha2-128f  | 1          | 17088 | 32       | 64    |
     +-----------------------+------------+-------+----------+-------+
     | id-slh-dsa-sha2-192s  | 3          | 16224 | 48       | 96    |
     +-----------------------+------------+-------+----------+-------+
     | id-slh-dsa-sha2-192f  | 3          | 35664 | 48       | 96    |
     +-----------------------+------------+-------+----------+-------+
     | id-slh-dsa-sha2-256s  | 5          | 29792 | 64       | 128   |
     +-----------------------+------------+-------+----------+-------+
     | id-slh-dsa-sha2-256f  | 5          | 49856 | 64       | 128   |
     +-----------------------+------------+-------+----------+-------+
     | id-slh-dsa-shake-128s | 1          | 7856  | 32       | 64    |
     +-----------------------+------------+-------+----------+-------+
     | id-slh-dsa-shake-128f | 1          | 17088 | 32       | 64    |
     +-----------------------+------------+-------+----------+-------+
     | id-slh-dsa-shake-192s | 3          | 16224 | 48       | 96    |
     +-----------------------+------------+-------+----------+-------+
     | id-slh-dsa-shake-192f | 3          | 35664 | 48       | 96    |
     +-----------------------+------------+-------+----------+-------+
     | id-slh-dsa-shake-256s | 5          | 29792 | 64       | 128   |
     +-----------------------+------------+-------+----------+-------+
     | id-slh-dsa-shake-256f | 5          | 49856 | 64       | 128   |
     +-----------------------+------------+-------+----------+-------+

                    Table 1: SLH-DSA security strengths

Appendix C.  Examples

   This section contains examples of SLH-DSA public keys, private keys
   and certificates.

C.1.  Example Public Key

   An example of a SLH-DSA public key using id-slh-dsa-sha2-128s:

   -----BEGIN PUBLIC KEY-----
   MDAwCwYJYIZIAWUDBAMUAyEAK4EJ7Hd8qk4fAkzPz5SX2ZGAUJKA9CVq8rB6+AKJ
   tJQ=
   -----END PUBLIC KEY-----

Bashiri, et al.           Expires 17 April 2025                [Page 15]
Internet-Draft              SLH-DSA for X.509               October 2024

     0  48: SEQUENCE {
     2  11:   SEQUENCE {
     4   9:     OBJECT IDENTIFIER '2 16 840 1 101 3 4 3 20'
          :     }
    15  33:   BIT STRING
          :     2B 81 09 EC 77 7C AA 4E 1F 02 4C CF CF 94 97 D9
          :     91 80 50 92 80 F4 25 6A F2 B0 7A F8 02 89 B4 94
          :   }

C.2.  Example Private Key

   An example of a SLH-DSA private key without the public key using id-
   slh-dsa-sha2-128s:

   -----BEGIN PRIVATE KEY-----
   MFICAQAwCwYJYIZIAWUDBAMUBECiJjvKRYYINlIxYASVI9YhZ3+tkNUetgZ6Mn4N
   HmSlASuBCex3fKpOHwJMz8+Ul9mRgFCSgPQlavKwevgCibSU
   -----END PRIVATE KEY-----

     0  82: SEQUENCE {
     2   1:   INTEGER 0
     5  11:   SEQUENCE {
     7   9:     OBJECT IDENTIFIER '2 16 840 1 101 3 4 3 20'
          :     }
    18  64:   OCTET STRING
          :     A2 26 3B CA 45 86 08 36 52 31 60 04 95 23 D6 21
          :     67 7F AD 90 D5 1E B6 06 7A 32 7E 0D 1E 64 A5 01
          :     2B 81 09 EC 77 7C AA 4E 1F 02 4C CF CF 94 97 D9
          :     91 80 50 92 80 F4 25 6A F2 B0 7A F8 02 89 B4 94
          :   }

C.3.  Example Certificate

   An example or a self-signed SLH-DSA certificate using id-slh-dsa-
   sha2-128s:

   Certificate:
       Data:
           Version: 3 (0x2)
           Serial Number:
               70:fb:96:41:c3:74:53:9b:27:cb:07:bc:d2:bb:4a:bc:
               8a:5d:7a:25
           Signature Algorithm: slhdsa_sha2_128s
           Issuer: C=FR, L=Paris, O=Bogus SLH-DSA-SHA2-128s CA
           Validity
               Not Before: Oct  7 12:51:29 2024 GMT
               Not After : Oct  5 12:51:29 2034 GMT
           Subject: C=FR, L=Paris, O=Bogus SLH-DSA-SHA2-128s CA

Bashiri, et al.           Expires 17 April 2025                [Page 16]
Internet-Draft              SLH-DSA for X.509               October 2024

           Subject Public Key Info:
               Public Key Algorithm: slhdsa_sha2_128s
                   slhdsa_sha2_128s public key:
                   PQ key material:
                       2b:81:09:ec:77:7c:aa:4e:1f:02:4c:cf:cf:94:97:
                       d9:91:80:50:92:80:f4:25:6a:f2:b0:7a:f8:02:89:
                       b4:94
           X509v3 extensions:
               X509v3 Subject Key Identifier:
                   CD:59:36:AA:FE:C4:11:C7:A4:72:69:3F:0B:E8:B3:8B:
                   21:7B:19:ED
               X509v3 Authority Key Identifier:
                   CD:59:36:AA:FE:C4:11:C7:A4:72:69:3F:0B:E8:B3:8B:
                   21:7B:19:ED
               X509v3 Basic Constraints: critical
                   CA:TRUE
               X509v3 Key Usage:
                   Certificate Sign, CRL Sign
       Signature Algorithm: slhdsa_sha2_128s
       Signature Value:
           11:b2:e9:ee:da:b9:9b:da:da:db:eb:28:2f:9a:2d:31:e2:78:
           40:14:20:f6:67:ec:ca:3e:fa:db:c3:b9:ab:9e:fd:d1:b8:77:
           29:47:1b:40:c0:73:68:7e:89:de:ac:d8:9f:43:71:58:3f:3d:
           da:28:58:57:6d:e0:99:28:ae:30:e9:17:a7:20:c8:11:e1:fa:
           f6:d0:21:ef:01:60:79:93:ac:b4:94:63:97:af:71:14:4c:c5:
           cf:77:40:df:60:f5:8f:20:95:a4:c1:35:02:43:14:b8:1c:4a:
           01:1e:bd:17:01:b7:36:12:80:ab:29:58:98:bf:da:1d:52:8a:
           be:de:67:af:26:6f:61:46:cd:95:a4:de:4e:66:92:27:1a:e0:
           23:9f:66:18:d6:27:30:9f:d7:fe:b3:bb:28:3e:94:4a:88:20:
           93:18:07:cb:ce:1d:6b:10:f9:bc:b5:e8:c1:32:2a:1d:52:e0:
           39:ba:d5:e4:d6:01:a1:de:6f:11:90:5d:40:bb:73:fe:d9:7c:
           2c:ea:c7:05:85:d1:34:47:83:af:d8:43:37:94:ce:8d:89:ac:
           fc:0f:8c:2f:47:1d:ff:be:bd:7a:c5:e9:76:fc:9d:fc:95:19:
           45:a3:7d:80:1f:1d:c8:52:e6:05:4b:ed:f6:57:5e:82:92:78:
           dd:5d:bd:86:48:12:5f:ad:09:85:9e:16:aa:cc:23:9f:3f:60:
           b9:a6:e1:f1:76:41:2c:89:08:e4:b6:96:eb:20:93:bd:83:21:
           96:a4:55:fb:74:a9:11:2f:97:ec:76:02:4e:97:5c:d8:27:26:
           ee:78:03:1e:df:4b:ed:a6:d4:f9:70:6c:cb:04:29:50:3f:6c:
           a9:32:3e:08:55:89:71:e3:4e:dd:e3:cd:30:a0:5d:29:ff:40:
           d3:92:09:22:56:e2:31:fc:22:39:5b:46:c2:11:ed:93:04:1c:
           65:08:2d:4b:2f:ad:30:ef:ac:f9:b8:c1:a3:9f:5d:8c:c0:20:
           38:16:8c:43:75:ee:52:3b:20:a3:ec:8d:ea:90:5f:cd:77:86:
           42:fb:69:fe:a1:01:c4:4e:3b:55:b8:79:b4:36:1b:f4:be:a7:
           51:0f:ce:53:83:be:3a:68:0e:61:58:1b:18:cc:8b:e5:85:b5:
           3c:89:42:82:31:d4:00:d3:bd:b0:3e:9b:47:23:6a:b0:50:e9:
           37:66:17:d2:82:08:6d:26:07:e7:8a:a0:6e:07:62:4e:61:f9:
           a8:37:ce:91:9a:c9:a1:44:ee:73:a4:a1:b7:ae:6c:19:1d:d7:
           45:a2:15:4a:6f:83:25:c6:9c:0a:d8:78:24:ce:26:80:8d:b5:

Bashiri, et al.           Expires 17 April 2025                [Page 17]
Internet-Draft              SLH-DSA for X.509               October 2024

           a5:71:09:ba:40:17:7b:43:be:53:84:2f:0f:1e:49:7a:a9:82:
           73:73:55:52:22:83:72:2b:87:5d:31:f3:ef:39:58:18:12:6a:
           8b:30:65:d9:24:85:7d:db:3e:95:9e:99:4a:88:75:bd:21:19:
           e3:bc:2f:a9:cb:75:3c:19:f9:69:c7:88:f8:34:c0:f4:4d:1e:
           1b:40:70:98:7a:d9:04:d8:b1:06:d1:18:21:5e:bb:d0:fc:18:
           e0:c8:85:5b:89:09:19:ad:9d:ee:d8:32:d5:94:ab:93:30:7f:
           52:b3:fc:9e:20:69:48:33:a5:55:7f:f5:d7:77:b0:e6:9f:44:
           09:9c:d4:d8:9a:39:e6:84:fd:77:8e:21:b8:f6:cb:da:a2:af:
           5d:45:0b:97:50:bb:0c:41:09:a3:3b:c6:dd:b5:db:a1:56:df:
           f6:e4:1e:a4:05:ff:30:cb:8b:c8:45:9a:c1:70:9d:25:b2:7c:
           25:36:4e:72:04:2c:0e:07:0c:19:5f:f5:e4:7b:32:3b:6f:87:
           8c:c2:7a:f4:b3:74:f4:63:10:13:1e:ca:a5:bd:4a:99:ca:ca:
           3a:68:c6:d2:7d:1c:86:8c:13:af:23:12:cd:94:91:91:f3:6f:
           5e:85:a3:00:4d:a0:6b:c8:b3:49:51:ef:27:b5:9b:3e:4e:9b:
           9f:98:8a:e1:d6:b0:f1:13:15:90:c7:29:af:9a:9c:ad:d9:0e:
           cb:a0:de:8d:3d:bd:49:27:40:a0:86:3e:be:33:d4:fa:6d:c4:
           22:6b:2d:93:aa:89:70:1a:c0:f7:cd:ed:f5:80:9d:6d:f2:11:
           9b:ce:14:c9:07:40:d5:ec:d2:d9:54:57:d7:31:ef:89:e4:21:
           ca:f6:b9:66:99:8d:d9:96:3b:80:39:c8:4a:e7:10:dd:d4:b6:
           73:85:55:18:6d:98:16:62:b8:3a:57:24:7b:d9:fb:9b:e4:3d:
           39:4e:6c:cf:30:a1:c4:4a:67:d1:e2:c7:84:bf:68:85:c8:08:
           86:ce:b1:e7:f5:2e:58:6d:81:00:09:43:dd:0d:c2:99:6e:e5:
           ec:1e:c5:be:1b:43:3c:15:b4:69:7c:b7:36:75:ec:d2:b0:f2:
           67:8c:0f:a2:c1:f1:04:61:09:3a:d7:04:38:90:99:5b:d2:fc:
           1a:66:89:16:6d:01:93:76:81:38:a0:88:a5:2c:e7:eb:f6:e6:
           6a:ee:bf:6a:a1:c2:d1:cf:58:9a:00:54:ed:88:a3:fb:94:70:
           8b:f4:93:29:d8:d6:82:96:52:cd:aa:49:19:28:04:4b:85:a9:
           11:96:01:83:4d:5b:b0:16:25:7f:ba:c6:f4:e0:33:58:78:36:
           d8:9f:10:26:98:6f:d8:1f:03:5e:16:01:8b:32:6f:22:88:6c:
           16:88:c4:62:aa:23:1f:88:68:65:2c:89:21:28:72:17:6b:49:
           22:39:51:81:99:76:f8:1f:e3:09:66:90:a0:7b:57:57:bf:e2:
           c1:e2:92:b0:ea:e1:35:55:a8:d4:0f:69:d7:9d:4a:7d:25:fd:
           0e:92:bb:27:b1:fd:2f:55:21:6e:1d:ca:6b:37:51:d1:3f:56:
           3b:d8:7d:3e:4c:5b:4b:59:9a:db:1b:75:29:ca:8f:22:fa:b7:
           b7:72:dc:47:4c:9f:d4:bb:fb:dc:a5:ef:d4:08:54:95:85:7a:
           8a:9a:03:b0:cf:6b:7a:a5:50:78:f8:87:59:38:b4:24:c9:e1:
           2c:16:b6:82:b4:5b:73:6f:78:e3:0a:ec:5e:9b:b1:74:87:74:
           80:8f:ea:c8:eb:f8:ec:ad:20:96:a4:ff:44:3a:7a:e1:ba:b6:
           ba:d7:b5:0c:34:89:e1:84:83:2c:1c:b8:4f:2b:62:ec:da:68:
           4b:3a:23:97:0e:6f:50:3d:4c:e1:1a:54:67:5a:6c:97:65:bd:
           3c:19:db:e8:15:fd:19:13:33:c4:e1:59:3c:62:e4:19:09:b5:
           0a:d4:72:2b:60:2b:e3:be:5f:51:d9:b7:c1:56:b2:05:de:0e:
           26:ec:fc:a6:bc:8e:34:82:5f:8b:9f:5c:4e:e0:0f:10:40:64:
           f0:8d:9c:69:20:3b:da:38:07:df:01:41:4f:50:c1:27:6b:cb:
           7a:3b:4c:25:18:b6:d4:fd:ca:ee:47:d1:14:25:d4:d7:e1:3f:
           1a:62:78:74:1e:82:83:84:d2:6c:dd:fb:4c:11:6f:17:1f:35:
           d8:33:df:89:31:63:b4:c9:33:37:0a:ba:d6:f4:9b:2d:95:ed:
           ed:f1:b8:c4:bc:e4:e3:7b:73:6d:02:05:f4:27:69:42:f9:f1:

Bashiri, et al.           Expires 17 April 2025                [Page 18]
Internet-Draft              SLH-DSA for X.509               October 2024

           11:24:a0:21:fa:14:01:15:94:ea:3a:cb:f8:d8:bc:84:2e:54:
           13:84:59:ac:6b:4b:c4:02:02:a3:c2:cb:a5:f0:4b:c8:05:2a:
           fd:84:5a:dd:b7:d6:30:9a:3f:c2:a3:71:87:d8:f1:68:c0:d9:
           08:05:91:a0:cb:f2:81:af:b8:b5:be:88:07:a6:80:3a:6b:a5:
           9b:27:55:31:1f:33:cd:93:d8:c3:49:2d:f9:92:57:64:f0:a5:
           79:06:5b:48:a6:97:e0:b5:d4:6f:0c:27:84:b1:34:e6:a9:9c:
           2f:8e:9b:95:8b:ed:94:14:61:84:54:fc:09:b0:8e:62:9c:49:
           00:20:e2:55:bb:9e:53:0a:27:ff:47:59:ea:36:52:d5:fd:80:
           fd:a6:9d:1c:67:ac:53:18:4c:37:fa:4e:88:18:b5:24:f7:36:
           78:7b:c0:0c:b5:3d:65:f1:86:34:70:38:bf:19:b4:23:ab:72:
           bd:20:77:8a:58:4b:46:a6:3f:62:08:47:e5:58:57:d1:c2:0b:
           00:eb:5e:89:17:48:5e:a6:ec:c4:00:42:9d:42:6e:72:d7:2d:
           51:c9:0c:5f:a9:f6:80:a7:80:f1:1d:63:2e:8d:cf:29:12:bd:
           9b:c6:3f:f5:bf:34:f2:45:2a:cc:23:20:30:f9:a2:bc:d7:d0:
           b4:f5:1f:8e:ca:9c:9b:0c:58:00:f2:b7:a7:90:5c:72:e3:d5:
           20:fa:38:cc:e9:90:7e:09:57:51:48:0f:ab:ca:9c:b8:ca:d4:
           6b:0d:2f:0d:00:29:6b:5e:4a:e2:4f:c9:f4:98:fa:97:9e:6e:
           da:09:0d:00:ba:3b:97:79:b0:d6:6f:f7:66:87:75:c3:ca:df:
           ad:78:41:e6:51:fb:90:05:2e:aa:72:ed:e6:8d:69:c7:19:81:
           84:8a:65:f3:20:dc:97:f3:bd:a5:5f:d8:51:89:01:81:78:42:
           e5:38:ed:92:8e:d0:f3:5b:ff:cb:29:70:02:ec:d0:e1:cb:7e:
           9f:b5:7b:aa:6f:2d:1c:2a:cf:8e:69:7a:b2:b3:b4:0f:cb:1b:
           3b:3a:5f:c9:44:7b:06:cd:40:40:c0:b3:a5:b2:1d:97:43:90:
           14:c6:96:6c:c6:25:b7:fb:78:2b:fe:b7:db:1b:cb:9f:59:77:
           8e:0f:4f:d3:6d:37:56:11:01:b6:73:ec:a3:d1:27:12:13:0f:
           29:1e:74:c0:88:92:9a:62:65:e1:c2:bd:ea:79:04:d6:ef:71:
           41:43:99:c3:32:2a:f1:69:9f:53:10:5a:bf:93:8b:b9:91:75:
           b6:f9:cb:70:9a:02:87:c0:a8:2c:18:54:d4:b4:96:82:00:d0:
           b2:5b:89:1b:42:02:8a:56:35:7c:0a:40:02:7e:71:e8:3e:c9:
           75:55:c0:3e:18:e4:2d:40:ec:6b:93:c5:56:77:00:d5:c6:4b:
           f9:d7:95:9b:f0:96:67:5b:8d:25:23:64:0c:41:e3:68:3d:9a:
           11:5a:fa:7c:bc:62:30:ce:c3:52:c3:7c:6b:94:51:b6:b9:46:
           e8:1c:df:25:a5:e2:f7:3f:5d:5a:f5:a7:1d:25:24:5a:89:3c:
           83:38:57:7e:aa:62:2f:fb:69:0f:7b:a5:05:57:59:37:63:26:
           60:ed:b6:c4:35:fb:65:9b:1a:31:ff:f7:a3:69:2a:eb:bf:71:
           ef:b7:be:92:39:58:0f:9a:7f:b2:45:81:87:fd:e0:d4:80:e0:
           fb:67:ea:ad:9f:72:1a:d6:72:29:0b:67:f4:cf:be:f6:d2:a3:
           9d:c4:8a:df:c1:49:d2:7c:c7:e5:bc:a8:dc:35:6a:8b:bf:e1:
           8f:8a:03:88:8d:b2:8f:68:82:02:05:5a:71:32:c7:45:4c:d5:
           01:42:c6:1a:25:6d:66:22:33:a9:1a:cb:d9:c0:67:ac:7b:10:
           3c:7c:2b:db:25:26:c2:03:4f:cb:0b:10:47:96:66:8d:cd:5c:
           64:30:ba:65:51:5e:39:d3:7a:c8:60:8c:08:b2:26:1c:65:44:
           51:2a:cd:0a:49:59:c3:0e:de:8f:a0:49:d2:23:aa:2e:5f:9b:
           00:fa:ac:10:d5:bd:1b:ae:2f:d6:cd:e6:7b:27:f9:d4:47:32:
           c4:b9:dc:fd:85:e1:af:87:36:68:37:ad:f3:13:f1:b5:3d:a7:
           b5:5c:32:34:31:b4:84:83:76:1f:89:9c:10:99:8d:ec:c8:77:
           ec:ab:ab:fd:fd:3f:46:10:a7:8c:e8:2d:02:a4:e2:2a:ed:47:
           4f:ff:86:be:17:76:5e:d7:e6:f0:98:30:37:8e:87:f6:e4:40:

Bashiri, et al.           Expires 17 April 2025                [Page 19]
Internet-Draft              SLH-DSA for X.509               October 2024

           d8:6e:3b:b6:20:13:b4:87:15:bf:63:25:f7:94:f9:bd:85:f9:
           8b:43:47:d8:70:da:86:d8:2e:ff:9b:1f:ec:c9:f2:79:55:33:
           71:47:1e:0d:00:39:09:aa:e3:d7:3d:53:cb:05:b4:86:11:1c:
           e4:f3:e9:f5:6d:3f:bb:7e:78:50:6e:e9:fc:79:39:94:45:24:
           f0:5f:4c:5c:e9:12:2e:8e:b9:32:05:b4:2f:6e:73:cb:86:71:
           c9:60:39:9f:4f:0b:8f:d0:95:8b:6a:46:d4:15:28:ac:8b:51:
           73:f3:6d:7e:23:ae:89:1e:9f:1b:9e:1d:cf:0a:14:1a:64:39:
           16:b3:66:84:fd:10:65:33:9d:1e:4d:c9:e6:7c:f9:fe:5f:29:
           57:58:73:e4:30:53:af:39:fa:63:71:1a:33:e0:d4:ce:fb:3a:
           14:56:1d:9a:87:49:a0:02:41:c4:80:5f:06:0e:68:45:4d:1c:
           ca:35:4e:22:dd:e0:16:3d:a5:ef:e6:52:0c:32:7a:6a:f4:36:
           60:5e:78:39:61:f8:1e:34:e3:9f:ef:a1:44:6e:8d:80:fb:56:
           05:e5:17:13:54:a7:25:be:78:5b:35:55:42:d7:be:5d:d9:22:
           d9:ec:fc:01:9d:4e:47:e7:34:fc:51:ce:41:b8:be:d2:af:c6:
           17:c6:49:40:9c:f5:b5:6d:39:d0:a0:f9:7d:1d:39:eb:ea:26:
           79:3f:aa:96:8e:45:cf:68:e5:b4:30:0e:82:d7:2c:46:5b:6c:
           1f:a4:37:dc:04:d6:f6:10:9a:5e:27:a6:d3:b6:9a:7a:d3:e0:
           44:f1:59:96:36:f1:35:6f:60:62:78:5c:27:93:80:7e:14:16:
           32:d2:99:0b:fa:b3:eb:79:bc:0e:06:7e:06:26:46:8d:03:6a:
           f7:e0:86:d2:a9:3d:af:3c:90:ad:1e:b1:e8:90:4f:e0:32:47:
           59:a6:15:8e:f5:c6:98:45:fe:a0:87:e4:0d:d8:dc:ae:51:18:
           a7:6d:7a:f7:b0:51:b9:e0:9f:4a:91:d4:98:b3:88:a4:68:d9:
           6b:8c:09:f4:90:2d:f0:bc:c0:4a:79:13:73:b1:6e:ef:bb:0e:
           9a:3e:db:ce:ce:aa:f2:c0:e4:9b:86:2a:9d:e1:3d:87:38:d8:
           7a:bc:d5:d6:2a:6c:91:2d:1d:0a:3c:4d:53:15:06:cf:98:90:
           8b:9f:93:a4:04:f7:48:17:f1:7b:cc:dd:5f:33:3a:f3:ca:28:
           85:57:8f:c5:77:aa:53:43:c1:70:c3:e2:23:0b:d1:20:64:58:
           e4:11:2f:b8:c3:1d:8f:d4:b9:72:92:00:ef:68:3f:81:9d:6e:
           25:ef:42:1c:47:f6:be:ab:ef:fe:f2:d4:ee:80:bf:01:5f:90:
           f9:c8:e0:e9:c4:5b:3c:ab:4e:e6:35:cf:4f:a1:99:db:8e:07:
           25:ee:65:31:14:a3:d1:6e:f6:4e:7d:fa:df:c5:59:c7:29:bc:
           4e:fa:4e:a6:9f:a0:92:ce:4d:50:e4:87:78:33:c5:ed:ae:c9:
           b2:8a:07:66:64:0a:0a:0b:09:5f:98:7f:b4:a5:2d:ad:7b:50:
           9e:dd:02:62:0c:2a:1c:28:3a:ef:67:b1:c3:bb:4d:7a:6b:42:
           12:43:19:eb:45:c5:c4:b4:9b:41:c5:ea:a9:7f:21:c5:ab:b4:
           93:39:09:4f:d4:86:90:c3:7f:04:f0:51:8a:c6:af:86:ed:fe:
           7f:96:c1:8e:8a:46:6a:73:1d:bf:3a:ce:ea:a8:98:f0:84:11:
           85:18:b5:8f:53:44:77:ac:1b:58:2c:e7:a8:92:a5:f0:9d:b5:
           56:4d:8b:8a:35:7e:45:7e:06:6e:39:fe:7c:e1:00:d8:b7:bc:
           92:1f:7c:41:08:93:ec:7c:3b:8e:76:c2:39:46:98:ee:72:75:
           d6:e6:2a:b8:df:0c:03:6e:12:3c:ec:80:ba:c3:dd:26:14:80:
           51:5d:ab:6a:cf:36:e9:69:15:e5:51:0e:d4:15:47:81:39:2b:
           17:b6:57:3c:a5:11:a0:94:f0:d6:48:2b:dc:4a:7b:2f:d2:8d:
           5a:a8:d7:2a:3d:0c:73:d3:57:d2:fd:ee:66:85:75:53:75:0f:
           2a:f4:e5:78:50:0d:c2:d2:13:86:87:f9:45:99:86:1c:0a:16:
           27:a3:17:37:38:20:4c:93:87:aa:5e:9d:c0:e4:5c:b4:db:07:
           3c:d8:64:f8:0f:bf:de:71:ae:90:5a:58:4f:6c:8e:29:e2:01:
           06:7b:fc:71:b1:38:6d:16:64:49:12:d9:27:83:a1:66:eb:d8:

Bashiri, et al.           Expires 17 April 2025                [Page 20]
Internet-Draft              SLH-DSA for X.509               October 2024

           ac:07:4b:bf:4c:16:30:79:6e:18:27:98:50:d7:2b:87:14:67:
           fd:ea:57:6e:cc:cc:19:51:f9:56:10:d9:c9:be:ed:7a:21:43:
           cd:6e:79:6b:b6:a1:14:01:fd:4f:c7:de:e9:d3:1c:1a:fb:c0:
           23:11:5d:be:b2:a0:df:96:d1:db:a2:45:de:bd:b8:47:5c:97:
           22:88:d1:31:53:65:cf:68:2c:9e:1f:35:ae:45:20:57:bb:32:
           64:ff:3e:bd:8f:dd:3f:33:cd:b0:16:be:4b:ff:4d:22:e7:b7:
           ea:22:9a:6e:07:3d:49:b3:5a:4e:6a:49:d5:8b:4b:65:a9:03:
           da:dc:4e:fb:40:ea:ef:7e:9d:90:bd:82:77:4d:c5:66:07:73:
           2d:c4:98:c4:17:14:be:68:fb:57:f0:96:ab:08:8a:3a:ef:be:
           86:5d:42:57:bd:24:1f:e3:0f:b9:d3:38:19:af:e7:8b:d4:d1:
           19:53:fa:d0:58:06:70:d9:38:2f:f9:ad:11:ad:54:fd:28:65:
           fd:b6:fb:2a:b9:07:10:68:0b:55:ce:07:a6:ac:61:5b:b7:7c:
           5f:ea:75:98:53:96:fb:7a:f7:62:f6:be:d6:72:ed:9e:98:d5:
           cd:49:79:d9:3c:e1:87:cc:38:7d:dc:36:b4:74:1b:0e:d4:d8:
           be:07:c6:3c:e6:4c:ae:ac:22:9b:21:ba:f2:25:d0:a3:02:35:
           07:6a:fd:75:a5:ee:fa:77:77:fc:f5:e2:06:c5:88:c6:c5:b4:
           65:60:5e:9e:5a:f1:1d:1a:05:8b:6d:45:62:8b:9c:ee:76:04:
           11:93:4f:46:64:3b:76:d9:5f:ba:8d:74:4b:0f:00:ff:59:61:
           d5:60:8a:3d:ff:9c:aa:61:00:53:55:a8:56:64:86:4a:ce:5f:
           b0:95:75:96:8a:82:71:cb:05:5a:8c:47:a0:3c:a4:99:ce:a2:
           cf:f3:ed:69:9f:02:95:e7:c0:44:50:69:9f:42:e7:82:3b:68:
           5f:4f:ba:bb:21:b4:6e:4d:bd:ad:c0:8d:4d:a6:24:46:c3:0a:
           d6:0d:a0:96:7e:97:ff:81:30:dc:a9:09:69:d1:c4:b4:1b:0e:
           d5:b8:1d:5b:6f:62:56:66:0b:de:ff:6e:73:b1:e1:1f:fd:8c:
           55:b4:71:58:f8:c3:7e:61:29:a1:9c:7d:29:8e:49:54:6e:64:
           67:63:33:57:fd:d9:81:b0:91:0e:53:27:f1:b7:0c:08:de:c6:
           8c:34:9b:69:6c:63:e2:7e:41:6e:aa:fe:34:93:70:bf:ef:38:
           9d:29:ca:12:78:57:e2:6a:43:37:7b:9c:03:91:83:8a:7f:b3:
           23:d9:a7:e0:8c:3f:41:81:24:29:48:fe:fb:0f:7f:25:56:4d:
           a5:b3:4a:6d:19:73:a7:e0:c5:33:29:64:93:d2:3c:99:ee:d6:
           5e:33:31:71:ce:9f:be:50:d7:60:d0:92:40:1d:a3:40:32:58:
           cd:a3:38:8c:7d:2d:3e:70:02:ef:85:43:63:15:80:ee:3c:eb:
           41:99:0a:5b:18:06:6c:2e:2f:13:b6:0f:47:3f:6e:17:44:21:
           d3:6e:c6:50:09:54:00:48:71:c0:a0:5a:fa:26:de:78:0c:63:
           17:60:59:1e:6f:33:29:5a:08:81:5d:cb:4c:45:dc:4d:1c:a1:
           e3:e6:98:92:42:20:62:6a:4c:b2:f1:65:5b:ac:33:bd:3f:24:
           00:ae:44:d4:21:ee:5b:be:43:8f:df:88:75:22:7e:cd:8a:70:
           31:4b:77:b4:b7:c0:67:0d:45:ab:1c:30:f9:cd:de:12:f2:a5:
           14:41:8b:3f:74:f5:f3:43:ed:b7:0d:28:37:81:18:f9:f2:ef:
           18:e2:aa:f1:35:52:90:8d:9d:dd:11:1d:3b:0b:b5:96:41:76:
           70:c3:8f:14:aa:16:c7:90:6d:03:33:c0:eb:09:86:49:bf:7b:
           dc:ee:2e:0d:81:ca:e3:76:0d:31:b4:0b:3d:12:18:0a:6e:bf:
           fa:18:d7:21:b8:3b:ad:2f:c5:c2:03:72:4d:c9:04:6e:06:94:
           50:37:ea:b2:62:11:93:7f:ad:91:9d:af:24:37:61:85:d9:b8:
           41:9c:62:e9:17:12:3c:b3:08:41:cf:b0:13:6c:3b:d6:e9:11:
           60:bd:c0:aa:f7:8a:be:cc:7c:48:ce:ad:d4:83:a4:60:46:34:
           f4:c6:35:22:4c:22:76:38:66:2f:54:f9:a2:fc:6b:e2:cb:38:
           ff:3d:ad:18:a4:a5:78:8f:9c:d3:de:c2:70:2d:ac:fb:a3:1d:

Bashiri, et al.           Expires 17 April 2025                [Page 21]
Internet-Draft              SLH-DSA for X.509               October 2024

           fd:89:33:c1:d2:5e:50:5a:b1:ff:6c:b2:87:e3:20:da:09:af:
           73:d9:a0:f0:07:53:3d:01:d4:63:32:5a:15:14:da:12:77:6c:
           17:27:67:13:8c:0b:74:6a:98:40:11:45:22:87:8a:8e:3e:dc:
           1d:ad:4f:6c:c1:cc:7e:fa:a3:18:f8:42:cd:a9:28:33:7e:59:
           c4:65:36:b1:47:cb:7b:f4:db:77:51:20:43:e9:b3:db:21:d6:
           5b:a8:67:89:60:c8:67:e6:e6:95:2a:5a:ec:50:4e:ae:ff:79:
           8d:37:3d:a7:5c:b9:a6:cd:a8:68:50:17:2e:12:47:0c:b3:24:
           d3:52:6e:5b:81:4c:06:a2:f1:06:f4:24:64:e3:c6:83:19:1c:
           a9:07:7e:02:bd:7a:ab:2c:49:94:39:9d:d2:de:69:6d:43:fa:
           9a:59:08:34:ce:5c:29:12:71:a0:24:81:c8:7e:d6:77:30:8e:
           57:0a:38:19:e0:e4:f1:6c:ad:03:f5:09:26:b9:fe:e2:55:df:
           69:00:73:25:27:0c:21:c5:e1:7f:5b:c9:fa:53:77:80:f7:ee:
           71:c4:41:92:bf:2f:10:19:51:7f:68:8c:35:b2:63:49:be:eb:
           b9:07:66:fe:51:2a:ae:28:69:00:59:ec:eb:3a:52:54:1f:da:
           91:ca:b0:5b:72:c0:44:6e:46:8c:17:e5:51:20:ad:03:a8:d5:
           e7:a6:c4:b9:21:a8:ac:88:26:d9:43:10:84:76:14:78:d9:a3:
           4c:2b:74:41:e2:32:3e:47:31:eb:fc:67:e1:74:57:f1:e3:9b:
           15:2c:eb:b7:ac:3b:f1:9a:1a:2c:ab:04:c1:57:25:7c:e5:bb:
           2c:8e:56:5e:e5:99:77:05:d4:50:95:01:3e:ca:d7:8b:fa:37:
           11:dd:c1:35:f1:c1:cb:87:ca:55:74:45:3a:7e:81:e7:4f:42:
           d6:cb:6b:29:8b:21:55:09:db:ac:8a:57:34:45:e7:66:e4:d2:
           4f:d2:66:fc:34:8d:61:69:9a:f3:0e:54:1a:d6:cd:08:d5:cd:
           36:c0:02:46:18:1b:d2:16:0c:f1:f4:7b:7d:c8:89:23:35:7a:
           00:5d:7e:21:9d:58:fb:32:b1:9d:af:87:a8:8d:bb:b9:cd:b0:
           94:b2:14:72:88:42:12:50:b6:fe:ae:95:8c:ff:25:84:70:0d:
           cb:33:1f:f1:e7:e4:4d:27:d0:29:79:e8:92:d2:56:0a:c1:0e:
           60:c1:0f:c8:66:49:71:77:49:88:c5:5a:e1:86:93:f5:1a:24:
           6f:f4:0e:d6:58:f7:5c:68:7b:8f:9e:ac:4f:f2:2a:a2:df:d8:
           52:6f:80:96:0a:c1:f5:6c:6d:e6:c5:6d:7d:ca:13:2b:77:15:
           f2:8a:e5:ef:a9:ff:1c:f1:77:c0:e8:c0:f7:3b:5b:d1:b8:44:
           f3:e1:e2:18:d7:f9:d0:5f:24:48:70:cc:d6:0c:dd:9c:99:34:
           96:b9:f4:1b:8c:4e:5b:44:5e:96:11:a4:3a:62:d7:17:2b:19:
           e1:6f:4c:0d:c2:1e:96:7f:de:4b:5f:af:c8:84:b4:6e:92:e3:
           f1:d4:9d:4b:dd:bc:6c:c5:09:78:2a:10:71:fe:06:f8:75:c3:
           61:27:2a:6b:c4:a2:39:68:a3:ea:21:9e:1f:41:14:93:d9:88:
           e5:e5:9d:19:e5:a5:40:4a:5d:e7:c7:e4:0f:e8:a2:ce:89:42:
           6f:2a:7c:db:06:90:27:22:b8:54:fa:9a:59:fb:17:68:c5:27:
           a9:4a:57:a5:9c:8d:58:bf:a0:62:3b:4d:df:18:28:31:7c:17:
           30:37:d5:39:f1:92:2f:49:93:36:42:76:b6:c1:a1:ea:ca:89:
           7f:c6:77:f6:ba:21:b7:83:f2:79:aa:9f:50:79:48:a7:87:d9:
           4f:35:18:c4:53:11:95:c6:00:8e:67:66:d5:cb:c9:c2:14:37:
           61:26:49:e0:f4:40:b8:42:94:d8:0c:7a:c5:1f:63:01:6c:7b:
           b6:54:a5:ff:f8:08:0b:d2:16:d1:b0:79:9d:73:2c:01:7f:df:
           e6:93:27:70:82:7e:44:bb:6e:74:90:ba:c6:58:12:c6:65:7e:
           f8:9f:9e:e8:6d:ff:3d:cc:dd:8f:aa:10:3e:fe:60:b3:e0:5e:
           74:c0:82:bb:2a:e4:f9:5c:35:6d:81:ac:84:38:9f:f9:af:dd:
           ab:a2:ee:c6:48:9d:d2:fd:98:5a:e9:ba:15:3a:91:1b:bd:0a:
           cc:6f:1b:6a:ce:9a:5d:45:1d:bf:6a:53:e9:bb:ca:3a:02:32:

Bashiri, et al.           Expires 17 April 2025                [Page 22]
Internet-Draft              SLH-DSA for X.509               October 2024

           6d:b1:30:b6:6f:c3:28:6b:75:fa:8b:7c:9f:6a:de:ae:b6:bf:
           e8:11:a5:04:53:10:5d:65:f3:e5:03:0c:e3:c4:17:47:f1:25:
           87:73:3b:3e:c4:0c:c3:ac:d2:95:ab:39:ce:bb:1b:1a:c4:0c:
           32:c7:bf:30:f9:38:cf:46:b6:f8:ab:28:6a:ce:3f:5d:62:5c:
           85:58:61:c4:3d:53:0e:65:ca:f8:29:db:ed:53:4e:4b:b4:9b:
           87:4e:86:71:77:9a:35:4e:ca:bc:80:a1:5d:83:49:1a:24:99:
           5c:17:53:39:c4:7d:6b:65:a8:9c:79:7b:80:12:3a:6e:16:6c:
           32:53:4e:0a:9e:e6:b3:67:60:b6:f5:05:ca:a7:23:0a:23:df:
           80:c4:c5:da:ce:86:f1:6f:0b:0f:54:24:6b:e1:7b:84:a5:29:
           27:6c:f5:a1:a8:c1:47:1f:fd:01:c8:f6:22:1e:1b:65:52:ec:
           60:cf:b7:9f:4d:d3:a7:0a:db:ed:85:aa:c0:23:09:23:0c:59:
           c0:c4:4e:36:d4:0a:b2:ed:fb:ec:ed:ae:6d:1b:bb:5c:ec:a4:
           d7:c1:dc:74:d0:31:8a:be:74:cb:ba:b7:49:32:4b:6b:21:12:
           bd:a2:a1:fd:8e:95:91:09:f9:5e:c5:28:77:5d:60:6d:8c:f1:
           a0:53:52:47:4b:3e:89:c6:b0:8a:ac:d0:ba:7e:1c:d1:72:0d:
           38:73:fe:9b:56:48:8d:35:5e:2e:04:d1:f0:fd:d7:77:de:7f:
           af:3b:28:fc:ca:e0:bf:1e:de:12:48:14:65:21:bf:e1:ff:eb:
           d3:4b:c6:32:8f:cb:98:97:96:94:f0:ba:b4:7a:99:29:16:28:
           89:8d:07:5c:f7:b5:f4:bf:c3:cb:89:be:be:b6:04:b1:d4:cb:
           0a:39:79:ad:f2:6e:cd:82:f7:d2:85:8b:cf:79:6f:66:ad:df:
           48:16:a8:d7:24:50:f3:cc:ea:c8:db:2d:61:e1:81:90:f2:04:
           66:60:7a:03:2c:be:68:e9:23:8a:a7:89:eb:2d:f9:b1:30:28:
           04:93:b1:aa:0f:11:b4:0c:07:2f:7d:cb:fd:ca:2f:ba:2c:8a:
           2c:29:5b:af:91:55:32:66:31:16:a0:3e:f0:c1:34:77:18:14:
           65:55:fe:28:7c:4d:16:9e:88:1d:f2:0c:f5:ba:f3:01:ee:80:
           b1:2c:57:5f:9e:c9:af:aa:ba:5f:b7:29:a2:07:0b:4b:cf:59:
           79:de:6d:3e:1f:a2:ec:ff:47:1c:c6:91:35:64:31:1a:05:0f:
           57:dc:80:9c:c4:5d:32:26:e8:9b:80:58:25:64:85:03:1e:af:
           ee:68:fc:12:6a:ce:eb:81:84:80:59:c7:ee:49:0e:d4:e7:a3:
           23:2a:f3:3c:1f:4b:bf:8c:1b:19:83:b5:ea:5e:38:69:d8:87:
           42:97:28:9b:17:c2:42:89:47:34:16:42:a0:e3:4a:45:d2:75:
           61:d0:fe:40:b4:d7:f9:2d:cc:a8:52:c4:ea:45:f5:6f:b6:cf:
           79:1e:0a:e5:22:65:04:5d:6f:a4:56:59:11:22:69:e3:f4:44:
           fa:90:15:9a:7e:6b:45:1a:85:18:2f:02:2e:ec:5b:87:0e:11:
           6f:f4:48:19:40:b7:37:0b:ff:9e:51:8c:ee:89:ab:fb:73:c5:
           43:72:43:85:ca:b8:bd:0a:32:71:53:5e:8e:f6:12:c7:bf:74:
           be:4c:33:4b:5e:32:79:1c:8b:24:cf:7f:d0:ae:02:a8:0c:b2:
           18:91:10:83:ed:76:a0:64:1f:db:fa:ad:ec:2b:65:d6:f2:70:
           73:af:f0:cc:53:ed:ae:1d:00:67:1e:7c:3d:f2:d8:17:31:50:
           71:6f:d7:88:82:08:5d:6f:e0:21:af:14:c4:be:07:8b:c6:5c:
           00:81:0d:4a:d3:5b:ab:be:da:1e:a7:e3:68:df:16:9b:ec:16:
           0e:ae:2c:6f:69:27:5a:e2:97:b9:3b:ea:0a:b8:5c:77:a6:85:
           66:ab:be:23:4b:b0:24:74:72:65:04:c5:ef:36:ce:96:c2:40:
           c4:70:9d:42:2f:59:ea:93:a6:cd:71:e8:c3:41:d4:f6:b9:62:
           01:df:9a:46:28:d3:7f:cd:a6:f1:65:b4:23:4e:6a:e0:4a:29:
           38:35:fd:69:1a:c0:5a:d9:7f:a6:40:c1:df:c0:19:67:d1:f2:
           3b:85:e4:82:2b:d3:c0:42:cf:1a:28:fc:eb:b2:8b:9f:51:7c:
           8c:22:2c:ba:14:6c:14:46:31:d8:6e:c3:6e:08:92:f9:5a:a3:

Bashiri, et al.           Expires 17 April 2025                [Page 23]
Internet-Draft              SLH-DSA for X.509               October 2024

           64:49:51:03:f8:47:37:3b:a5:37:b0:98:87:d3:b8:d1:11:a4:
           03:8b:5a:3b:aa:bd:41:6c:ea:70:e3:d9:1c:3d:cb:fe:bc:f6:
           e2:e1:77:78:6e:84:7b:de:22:98:90:09:55:5b:40:18:23:3a:
           17:46:26:40:42:e7:a0:d1:71:01:5c:2b:a6:1a:62:e5:df:93:
           34:8b:85:ec:b4:c5:6f:1e:8a:4e:a9:f1:a8:11:16:cb:04:ff:
           f8:05:ad:d7:2b:9a:21:37:a6:44:18:4c:08:37:96:d1:b1:d7:
           2b:2d:cd:65:9a:8c:7c:d2:45:9a:c5:a8:21:a7:d9:d6:7b:01:
           64:85:7c:11:bc:48:0e:fa:1c:db:95:8f:91:e9:df:aa:3e:8b:
           28:f8:1b:42:d3:77:0a:4d:14:d6:7a:67:6f:ea:bb:54:e6:0a:
           5e:14:1d:14:ce:d1:28:51:83:2f:9f:ff:d4:78:19:15:1c:a7:
           fc:13:89:78:6b:ec:d8:3b:3d:a4:64:a0:d3:63:f2:9a:78:4e:
           0a:ba:76:ff:6e:50:8c:df:89:ce:59:ee:11:fa:d6:e1:5d:79:
           6b:59:9a:85:b0:45:f3:a9:72:8e:50:bd:5b:cd:a1:18:ee:63:
           82:2e:b2:64:c4:9c:07:7b:b9:29:e1:f3:5c:56:e6:33:53:1d:
           5a:3e:4c:30:e6:13:cb:6e:fd:28:9d:f6:47:c3:d7:74:07:07:
           dd:a2:80:db:01:88:65:8e:ac:dc:65:61:60:86:84:75:6b:b1:
           18:81:fc:69:f1:47:8b:33:74:98:9d:77:f4:2a:07:27:13:53:
           74:52:e1:b7:f7:c1:ca:4a:d2:80:e6:ff:b8:e1:50:70:05:05:
           db:66:3b:fd:3e:24:23:f1:bc:f5:19:8e:eb:b1:75:9a:e3:7c:
           32:93:6b:33:7c:1f:06:bd:3b:aa:8c:4f:39:c4:76:1e:84:cd:
           3e:8b:f1:39:c4:70:5f:0f:40:67:9c:00:b9:41:e2:f2:9d:fe:
           bb:54:ef:82:28:5c:90:68:1d:d4:ba:6f:5b:5e:1f:14:8a:b1:
           d3:c7:db:99:3e:de:6f:85:cc:ae:e6:dc:0e:a9:e9:da:d2:ee:
           00:4b:cf:65:be:ec:94:56:c1:37:13:94:4d:71:a0:58:a2:84:
           ce:8a:86:02:15:34:2f:01:71:79:04:87:28:dc:12:81:9e:0d:
           ee:7d:28:cf:69:d7:af:d1:a1:32:c6:55:11:c7:a2:8a:33:9f:
           0c:f9:e1:20:40:71:73:5b:60:dc:28:d0:b8:6c:06:8a:ed:74:
           4c:8e:29:5d:30:5b:d2:2d:c2:2d:b6:dc:d4:ff:ab:87:a6:6f:
           b1:c1:4e:91:76:29:02:2f:70:c6:b6:ab:3a:18:5c:7b:99:c0:
           fa:58:66:bb:1b:ac:af:34:1d:cf:5e:cc:78:80:d0:4c:39:f1:
           0c:45:74:99:8a:8b:8f:e6:2c:5f:6f:da:49:7f:80:e7:85:6e:
           ba:75:0a:ce:f0:2f:bc:5a:0c:b2:23:a3:81:dc:3e:48:cf:1b:
           0d:ea:3b:f5:29:ce:53:05:8f:3a:81:04:dd:fa:cf:10:df:41:
           2e:45:17:7f:f4:1e:31:6e:64:48:6e:31:a1:d2:ec:61:fd:8b:
           99:ed:1d:db:15:32:11:8e:36:97:96:1a:28:fd:6d:a9:88:d7:
           ff:21:bd:47:93:27:96:2b:ce:6a:4d:c3:f7:9b:ae:9b:35:e7:
           ae:4f:e3:47:f3:b7:ea:6b:79:31:f1:c7:53:fb:1f:83:1c:73:
           e3:eb:a9:19:d1:c8:3a:dc:ff:b0:39:cc:b3:5f:0e:a8:1c:82:
           b8:9f:4c:7c:35:32:d3:da:88:4b:d6:fc:c3:dd:d4:13:ad:38:
           04:a8:3b:c4:4a:8d:f8:69:85:2b:bc:94:96:f0:c7:9c:d1:84:
           11:a6:2f:eb:f5:6a:7a:d4:a9:44:cc:dc:cb:52:78:83:ee:8f:
           f5:60:49:a2:c4:b0:3c:6b:0e:78:c9:f6:87:6a:1b:6c:f2:20:
           72:18:cd:9d:05:da:3d:a2:b7:5b:39:90:7b:12:b4:d6:0b:eb:
           d0:98:8a:80:62:45:c0:8e:a5:a8:94:83:25:e9:20:8d:a4:e1:
           3c:ca:83:f7:9c:e4:49:4c:94:50:e1:e8:c7:bb:b4:e2:99:9c:
           72:86:4a:e7:20:cd:61:ff:10:a9:6a:83:92:cb:d8:21:d6:c1:
           c0:d7:2d:c1:45:47:85:28:05:56:67:33:56:ff:f5:bd:fb:c9:
           75:f3:ac:f0:5f:d8:c1:35:58:de:ca:98:ea:f0:03:fd:10:35:

Bashiri, et al.           Expires 17 April 2025                [Page 24]
Internet-Draft              SLH-DSA for X.509               October 2024

           92:f7:b1:36:d4:b5:f6:2d:32:59:f3:6a:fe:88:d1:6e:ca:65:
           fd:fe:a4:f8:a7:97:b8:e2:85:ac:3e:94:43:39:2a:0b:1c:d1:
           bc:80:fe:81:a1:f6:1b:58:7c:51:b2:3d:c3:74:93:db:5a:31:
           96:d1:87:db:57:99:05:3d:d4:6e:0d:7a:8b:5e:d8:b7:8b:b4:
           0b:71:5d:f2:7f:44:73:19:68:11:19:7c:09:e0:ae:29:76:59:
           e1:7e:27:17:f9:14:5e:c2:ab:89:e1:4c:20:ff:ce:ff:b8:55:
           59:dc:6a:59:a6:76:bd:66:67:e9:47:de:5c:70:18:ca:b3:96:
           be:c8:0d:54:48:6c:04:20:98:c1:ca:2a:46:c2:e5:70:56:25:
           1d:63:ef:9a:f0:0a:d0:f0:f1:26:79:da:67:41:55:0b:fe:ca:
           36:11:51:04:57:69:46:a8:c1:a6:d7:81:ab:2d:b4:45:b7:f0:
           69:cb:13:95:5a:55:8b:f7:f6:29:cc:2e:3e:75:e0:63:d6:72:
           c6:01:bb:2c:3d:22:0c:f8:e0:fb:67:41:32:5a:c8:9c:c3:e6:
           8c:91:46:29:2e:5e:3e:63:83:be:9a:b6:2f:42:4d:29:9e:1a:
           a5:f0:ed:74:65:b7:95:ce:bc:37:96:4f:9d:bf:f2:ff:65:76:
           63:77:30:fd:6c:cf:57:45:b1:e3:f0:72:52:78:00:d4:9d:d4:
           12:34:66:55:be:11:8d:c3:10:e9:d9:2d:db:36:d6:28:3e:93:
           db:cc:3c:cc:11:96:60:e7:2d:de:9e:90:02:47:dd:aa:9b:d7:
           bf:e6:7f:9e:6f:4d:88:fd:7d:e1:3f:52:88:ff:d4:9d:34:b8:
           74:ac:6d:13:d1:44:b3:e0:01:90:bd:e1:e3:94:aa:f3:9b:32:
           db:e6:91:8a:6a:7f:f4:cd:df:a4:83:8b:7d:4f:fd:e3:28:d7:
           9f:c6:64:92:05:03:22:38:17:b5:0e:03:87:73:90:82:bc:5d:
           e5:83:f8:9d:25:f6:1a:13:a4:40:f7:48:61:a9:f1:dd:07:99:
           74:0a:cd:6a:30:38:00:f2:0a:5a:c8:fe:cc:4c:c4:4d:67:6d:
           3f:04:24:d1:a4:f0:87:45:65:45:45:c6:7f:c7:ca:f9:90:79:
           7b:68:ce:cb:7a:d2:47:5e:06:82:e9:53:92:6b:7c:36:82:7b:
           15:67:fd:4a:6b:59:1f:a3:f4:e0:ed:c7:7f:94:fd:40:3a:bf:
           31:b7:98:53:8e:2e:4e:15:9a:8d:8c:16:17:b6:8a:61:08:ca:
           90:f1:7e:95:10:ae:08:c7:05:87:c8:e9:a9:cc:ac:2c:71:5e:
           2a:a8:5b:6a:e3:2c:85:ec:1e:9c:e3:c0:08:1b:17:2e:72:b1:
           44:e3:aa:b4:f0:5a:be:93:96:ad:da:84:52:bc:02:82:be:b8:
           36:88:61:32:06:5d:cf:20:c0:df:07:a1:14:f8:f4:8c:b5:5b:
           2c:d7:af:2b:1e:91:b6:d5:12:2b:68:23:12:8e:f0:c0:38:38:
           56:b4:93:65:f1:e5:80:43:3a:c4:90:21:ce:3f:e4:5e:e7:2e:
           4f:45:c3:e0:0a:81:37:5c:18:00:83:86:97:f3:6a:6b:7a:20:
           a8:4b:04:74:fa:e4:b8:90:84:da:5d:d6:b4:4c:fb:f1:98:43:
           04:8c:56:86:22:b1:73:06:31:76:8a:3d:35:e4:39:9e:b8:22:
           54:66:de:86:78:9a:13:24:56:52:bd:b5:c3:e9:65:c9:06:2e:
           bf:5e:ab:c9:d6:65:93:c5:a9:c0:48:b5:bb:b0:73:23:35:8a:
           f1:a6:6f:f8:0e:28:33:dd:6d:c2:71:7d:a9:7b:18:2c:f4:ef:
           72:c5:46:32:65:a9:80:91:e6:8e:57:dd:fa:38:88:8c:89:e1:
           50:76:7e:a0:98:a2:8b:1e:5a:f6:4a:34:3f:f9:70:05:b2:ba:
           6e:62:55:29:62:1a:31:3b:bf:71:f5:69:d9:73:fe:e4:1b:b9:
           46:aa:9e:db:fc:c5:36:9d:4d:06:9c:54:18:cf:e2:b4:af:2e:
           b3:5a:af:32:96:0f:89:ce:da:6e:13:58:0b:10:d3:84:af:f9:
           22:a7:cb:88:67:b4:b0:b4:24:82:1a:7a:7d:b0:32:5b:8a:73:
           07:90:b8:59:13:25:56:b5:ec:ec:56:e5:8e:ba:97:61:23:69:
           71:13:be:b2:c9:53:a1:78:26:fc:5c:fe:c3:02:d7:50:95:a8:
           8f:6e:81:b2:a2:de:a3:da:5a:66:e2:52:9f:6f:19:7e:49:28:

Bashiri, et al.           Expires 17 April 2025                [Page 25]
Internet-Draft              SLH-DSA for X.509               October 2024

           f5:b4:96:04:c2:a8:56:a3:1f:b8:6a:61:ec:12:25:e3:64:2a:
           f6:e1:9e:fb:d2:7e:5a:ce:f1:2c:22:81:c8:7c:ae:fb:69:a4:
           48:13:18:77:6d:c1:fb:da:0f:69:8d:1e:6e:93:75:23:ef:ae:
           a8:f1:75:45:16:5b:13:1d:12:64:e4:5a:b2:57:af:80:e0:c3:
           22:c8:e9:62:b8:8f:a7:eb:c7:c4:cd:c8:64:8b:e9:de:cb:e1:
           52:81:05:9c:16:77:4b:df:4e:aa:7f:0f:a8:ed:1e:ac:84:4d:
           96:86:5f:93:7f:7f:f6:2a:b4:b1:4f:94:5d:b3:8e:c5:ee:e4:
           59:33:6a:b4:2f:29:65:08:6a:af:6e:2f:80:c9:ff:90:a6:e9:
           3b:37:04:2d:66:b0:bd:45:78:d3:de:d4:ce:f4:67:95:2e:4f:
           bc:ef:00:85:cf:0a:a6:f5:c8:7f:12:58:09:cd:52:8f:f4:0c:
           b5:c1:40:7b:7b:46:c2:ac:19:76:1e:dc:ab:69:93:88:9b:4e:
           0f:fd:25:c5:7d:7d:18:3c:5c:62:96:0c:9a:e4:af:5c:4b:81:
           1c:ec:30:bc:a0:5c:45:3b:d7:8e:30:a8:a4:84:0e:12:58:68:
           90:ef:a1:09:0c:5b:32:11:1d:cd:12:94:d6:3e:37:03:4d:5a:
           cd:14:c1:2a:17:75:20:90:26:6a:ba:1d:78:83:11:fc:94:4d:
           08:ee:0d:09:75:21:47:36:f5:ff:57:42:15:19:eb:33:10:d7:
           bf:ea:94:97:41:d2:c5:67:32:e1:8e:97:c1:58:6b:c0:3c:45:
           26:d6:71:06:76:d2:fd:6c:07:f1:4e:ef:18:45:a3:b4:16:5f:
           42:0f:e2:dd:5d:e0:2f:34:c2:8e:72:b8:69:8d:a8:11:1b:3a:
           a9:13:8b:a4:62:af:73:3a:28:dc:c6:83:e7:c1:82:33:e6:c2:
           52:ff:ba:1d:78:61:d7:15:e0:b4:ad:90:5a:f3:1e:f4:cd:92:
           29:22:f9:7f:ed:99:44:ae:e4:67:a2:2d:75:4f:77:e2:0b:cd:
           29:80:2e:ae:5e:a5:85:a3:a2:09:31:51:82:98:0b:2c:7a:6b:
           96:ef:8d:c0:f5:1f:98:b4:f6:22:b6:21:6e:36:e3:bb:18:da:
           1d:24:46:0d:65:28:b6:6a

   -----BEGIN CERTIFICATE-----
   MIIgKjCCAWSgAwIBAgIUcPuWQcN0U5snywe80rtKvIpdeiUwCwYJYIZIAWUDBAMU
   MEIxCzAJBgNVBAYTAkZSMQ4wDAYDVQQHDAVQYXJpczEjMCEGA1UECgwaQm9ndXMg
   U0xILURTQS1TSEEyLTEyOHMgQ0EwHhcNMjQxMDA3MTI1MTI5WhcNMzQxMDA1MTI1
   MTI5WjBCMQswCQYDVQQGEwJGUjEOMAwGA1UEBwwFUGFyaXMxIzAhBgNVBAoMGkJv
   Z3VzIFNMSC1EU0EtU0hBMi0xMjhzIENBMDAwCwYJYIZIAWUDBAMUAyEAK4EJ7Hd8
   qk4fAkzPz5SX2ZGAUJKA9CVq8rB6+AKJtJSjYDBeMB0GA1UdDgQWBBTNWTaq/sQR
   x6RyaT8L6LOLIXsZ7TAfBgNVHSMEGDAWgBTNWTaq/sQRx6RyaT8L6LOLIXsZ7TAP
   BgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjALBglghkgBZQMEAxQDgh6xABGy
   6e7auZva2tvrKC+aLTHieEAUIPZn7Mo++tvDuaue/dG4dylHG0DAc2h+id6s2J9D
   cVg/PdooWFdt4JkorjDpF6cgyBHh+vbQIe8BYHmTrLSUY5evcRRMxc93QN9g9Y8g
   laTBNQJDFLgcSgEevRcBtzYSgKspWJi/2h1Sir7eZ68mb2FGzZWk3k5mkica4COf
   ZhjWJzCf1/6zuyg+lEqIIJMYB8vOHWsQ+by16MEyKh1S4Dm61eTWAaHebxGQXUC7
   c/7ZfCzqxwWF0TRHg6/YQzeUzo2JrPwPjC9HHf++vXrF6Xb8nfyVGUWjfYAfHchS
   5gVL7fZXXoKSeN1dvYZIEl+tCYWeFqrMI58/YLmm4fF2QSyJCOS2lusgk72DIZak
   Vft0qREvl+x2Ak6XXNgnJu54Ax7fS+2m1PlwbMsEKVA/bKkyPghViXHjTt3jzTCg
   XSn/QNOSCSJW4jH8IjlbRsIR7ZMEHGUILUsvrTDvrPm4waOfXYzAIDgWjEN17lI7
   IKPsjeqQX813hkL7af6hAcROO1W4ebQ2G/S+p1EPzlODvjpoDmFYGxjMi+WFtTyJ
   QoIx1ADTvbA+m0cjarBQ6TdmF9KCCG0mB+eKoG4HYk5h+ag3zpGayaFE7nOkobeu
   bBkd10WiFUpvgyXGnArYeCTOJoCNtaVxCbpAF3tDvlOELw8eSXqpgnNzVVIig3Ir
   h10x8+85WBgSaoswZdkkhX3bPpWemUqIdb0hGeO8L6nLdTwZ+WnHiPg0wPRNHhtA
   cJh62QTYsQbRGCFeu9D8GODIhVuJCRmtne7YMtWUq5Mwf1Kz/J4gaUgzpVV/9dd3

Bashiri, et al.           Expires 17 April 2025                [Page 26]
Internet-Draft              SLH-DSA for X.509               October 2024

   sOafRAmc1NiaOeaE/XeOIbj2y9qir11FC5dQuwxBCaM7xt2126FW3/bkHqQF/zDL
   i8hFmsFwnSWyfCU2TnIELA4HDBlf9eR7Mjtvh4zCevSzdPRjEBMeyqW9SpnKyjpo
   xtJ9HIaME68jEs2UkZHzb16FowBNoGvIs0lR7ye1mz5Om5+YiuHWsPETFZDHKa+a
   nK3ZDsug3o09vUknQKCGPr4z1PptxCJrLZOqiXAawPfN7fWAnW3yEZvOFMkHQNXs
   0tlUV9cx74nkIcr2uWaZjdmWO4A5yErnEN3UtnOFVRhtmBZiuDpXJHvZ+5vkPTlO
   bM8wocRKZ9Hix4S/aIXICIbOsef1LlhtgQAJQ90Nwplu5ewexb4bQzwVtGl8tzZ1
   7NKw8meMD6LB8QRhCTrXBDiQmVvS/BpmiRZtAZN2gTigiKUs5+v25mruv2qhwtHP
   WJoAVO2Io/uUcIv0kynY1oKWUs2qSRkoBEuFqRGWAYNNW7AWJX+6xvTgM1h4Ntif
   ECaYb9gfA14WAYsybyKIbBaIxGKqIx+IaGUsiSEochdrSSI5UYGZdvgf4wlmkKB7
   V1e/4sHikrDq4TVVqNQPadedSn0l/Q6Suyex/S9VIW4dyms3UdE/VjvYfT5MW0tZ
   mtsbdSnKjyL6t7dy3EdMn9S7+9yl79QIVJWFeoqaA7DPa3qlUHj4h1k4tCTJ4SwW
   toK0W3NveOMK7F6bsXSHdICP6sjr+OytIJak/0Q6euG6trrXtQw0ieGEgywcuE8r
   YuzaaEs6I5cOb1A9TOEaVGdabJdlvTwZ2+gV/RkTM8ThWTxi5BkJtQrUcitgK+O+
   X1HZt8FWsgXeDibs/Ka8jjSCX4ufXE7gDxBAZPCNnGkgO9o4B98BQU9QwSdry3o7
   TCUYttT9yu5H0RQl1NfhPxpieHQegoOE0mzd+0wRbxcfNdgz34kxY7TJMzcKutb0
   my2V7e3xuMS85ON7c20CBfQnaUL58REkoCH6FAEVlOo6y/jYvIQuVBOEWaxrS8QC
   AqPCy6XwS8gFKv2EWt231jCaP8KjcYfY8WjA2QgFkaDL8oGvuLW+iAemgDprpZsn
   VTEfM82T2MNJLfmSV2TwpXkGW0iml+C11G8MJ4SxNOapnC+Om5WL7ZQUYYRU/Amw
   jmKcSQAg4lW7nlMKJ/9HWeo2UtX9gP2mnRxnrFMYTDf6TogYtST3Nnh7wAy1PWXx
   hjRwOL8ZtCOrcr0gd4pYS0amP2IIR+VYV9HCCwDrXokXSF6m7MQAQp1CbnLXLVHJ
   DF+p9oCngPEdYy6NzykSvZvGP/W/NPJFKswjIDD5orzX0LT1H47KnJsMWADyt6eQ
   XHLj1SD6OMzpkH4JV1FID6vKnLjK1GsNLw0AKWteSuJPyfSY+peebtoJDQC6O5d5
   sNZv92aHdcPK3614QeZR+5AFLqpy7eaNaccZgYSKZfMg3JfzvaVf2FGJAYF4QuU4
   7ZKO0PNb/8spcALs0OHLfp+1e6pvLRwqz45perKztA/LGzs6X8lEewbNQEDAs6Wy
   HZdDkBTGlmzGJbf7eCv+t9sby59Zd44PT9NtN1YRAbZz7KPRJxITDykedMCIkppi
   ZeHCvep5BNbvcUFDmcMyKvFpn1MQWr+Ti7mRdbb5y3CaAofAqCwYVNS0loIA0LJb
   iRtCAopWNXwKQAJ+ceg+yXVVwD4Y5C1A7GuTxVZ3ANXGS/nXlZvwlmdbjSUjZAxB
   42g9mhFa+ny8YjDOw1LDfGuUUba5Rugc3yWl4vc/XVr1px0lJFqJPIM4V36qYi/7
   aQ97pQVXWTdjJmDttsQ1+2WbGjH/96NpKuu/ce+3vpI5WA+af7JFgYf94NSA4Ptn
   6q2fchrWcikLZ/TPvvbSo53Eit/BSdJ8x+W8qNw1aou/4Y+KA4iNso9oggIFWnEy
   x0VM1QFCxholbWYiM6kay9nAZ6x7EDx8K9slJsIDT8sLEEeWZo3NXGQwumVRXjnT
   eshgjAiyJhxlRFEqzQpJWcMO3o+gSdIjqi5fmwD6rBDVvRuuL9bN5nsn+dRHMsS5
   3P2F4a+HNmg3rfMT8bU9p7VcMjQxtISDdh+JnBCZjezId+yrq/39P0YQp4zoLQKk
   4irtR0//hr4Xdl7X5vCYMDeOh/bkQNhuO7YgE7SHFb9jJfeU+b2F+YtDR9hw2obY
   Lv+bH+zJ8nlVM3FHHg0AOQmq49c9U8sFtIYRHOTz6fVtP7t+eFBu6fx5OZRFJPBf
   TFzpEi6OuTIFtC9uc8uGcclgOZ9PC4/QlYtqRtQVKKyLUXPzbX4jrokenxueHc8K
   FBpkORazZoT9EGUznR5NyeZ8+f5fKVdYc+QwU685+mNxGjPg1M77OhRWHZqHSaAC
   QcSAXwYOaEVNHMo1TiLd4BY9pe/mUgwyemr0NmBeeDlh+B4045/voURujYD7VgXl
   FxNUpyW+eFs1VULXvl3ZItns/AGdTkfnNPxRzkG4vtKvxhfGSUCc9bVtOdCg+X0d
   OevqJnk/qpaORc9o5bQwDoLXLEZbbB+kN9wE1vYQml4nptO2mnrT4ETxWZY28TVv
   YGJ4XCeTgH4UFjLSmQv6s+t5vA4GfgYmRo0DavfghtKpPa88kK0eseiQT+AyR1mm
   FY71xphF/qCH5A3Y3K5RGKdtevewUbngn0qR1JiziKRo2WuMCfSQLfC8wEp5E3Ox
   bu+7Dpo+287OqvLA5JuGKp3hPYc42Hq81dYqbJEtHQo8TVMVBs+YkIufk6QE90gX
   8XvM3V8zOvPKKIVXj8V3qlNDwXDD4iML0SBkWOQRL7jDHY/UuXKSAO9oP4GdbiXv
   QhxH9r6r7/7y1O6AvwFfkPnI4OnEWzyrTuY1z0+hmduOByXuZTEUo9Fu9k59+t/F
   WccpvE76TqafoJLOTVDkh3gzxe2uybKKB2ZkCgoLCV+Yf7SlLa17UJ7dAmIMKhwo
   Ou9nscO7TXprQhJDGetFxcS0m0HF6ql/IcWrtJM5CU/UhpDDfwTwUYrGr4bt/n+W
   wY6KRmpzHb86zuqomPCEEYUYtY9TRHesG1gs56iSpfCdtVZNi4o1fkV+Bm45/nzh

Bashiri, et al.           Expires 17 April 2025                [Page 27]
Internet-Draft              SLH-DSA for X.509               October 2024

   ANi3vJIffEEIk+x8O452wjlGmO5yddbmKrjfDANuEjzsgLrD3SYUgFFdq2rPNulp
   FeVRDtQVR4E5Kxe2VzylEaCU8NZIK9xKey/SjVqo1yo9DHPTV9L97maFdVN1Dyr0
   5XhQDcLSE4aH+UWZhhwKFiejFzc4IEyTh6pencDkXLTbBzzYZPgPv95xrpBaWE9s
   jiniAQZ7/HGxOG0WZEkS2SeDoWbr2KwHS79MFjB5bhgnmFDXK4cUZ/3qV27MzBlR
   +VYQ2cm+7XohQ81ueWu2oRQB/U/H3unTHBr7wCMRXb6yoN+W0duiRd69uEdclyKI
   0TFTZc9oLJ4fNa5FIFe7MmT/Pr2P3T8zzbAWvkv/TSLnt+oimm4HPUmzWk5qSdWL
   S2WpA9rcTvtA6u9+nZC9gndNxWYHcy3EmMQXFL5o+1fwlqsIijrvvoZdQle9JB/j
   D7nTOBmv54vU0RlT+tBYBnDZOC/5rRGtVP0oZf22+yq5BxBoC1XOB6asYVu3fF/q
   dZhTlvt692L2vtZy7Z6Y1c1Jedk84YfMOH3cNrR0Gw7U2L4HxjzmTK6sIpshuvIl
   0KMCNQdq/XWl7vp3d/z14gbFiMbFtGVgXp5a8R0aBYttRWKLnO52BBGTT0ZkO3bZ
   X7qNdEsPAP9ZYdVgij3/nKphAFNVqFZkhkrOX7CVdZaKgnHLBVqMR6A8pJnOos/z
   7WmfApXnwERQaZ9C54I7aF9PurshtG5Nva3AjU2mJEbDCtYNoJZ+l/+BMNypCWnR
   xLQbDtW4HVtvYlZmC97/bnOx4R/9jFW0cVj4w35hKaGcfSmOSVRuZGdjM1f92YGw
   kQ5TJ/G3DAjexow0m2lsY+J+QW6q/jSTcL/vOJ0pyhJ4V+JqQzd7nAORg4p/syPZ
   p+CMP0GBJClI/vsPfyVWTaWzSm0Zc6fgxTMpZJPSPJnu1l4zMXHOn75Q12DQkkAd
   o0AyWM2jOIx9LT5wAu+FQ2MVgO4860GZClsYBmwuLxO2D0c/bhdEIdNuxlAJVABI
   ccCgWvom3ngMYxdgWR5vMylaCIFdy0xF3E0coePmmJJCIGJqTLLxZVusM70/JACu
   RNQh7lu+Q4/fiHUifs2KcDFLd7S3wGcNRascMPnN3hLypRRBiz909fND7bcNKDeB
   GPny7xjiqvE1UpCNnd0RHTsLtZZBdnDDjxSqFseQbQMzwOsJhkm/e9zuLg2ByuN2
   DTG0Cz0SGApuv/oY1yG4O60vxcIDck3JBG4GlFA36rJiEZN/rZGdryQ3YYXZuEGc
   YukXEjyzCEHPsBNsO9bpEWC9wKr3ir7MfEjOrdSDpGBGNPTGNSJMInY4Zi9U+aL8
   a+LLOP89rRikpXiPnNPewnAtrPujHf2JM8HSXlBasf9ssofjINoJr3PZoPAHUz0B
   1GMyWhUU2hJ3bBcnZxOMC3RqmEARRSKHio4+3B2tT2zBzH76oxj4Qs2pKDN+WcRl
   NrFHy3v023dRIEPps9sh1luoZ4lgyGfm5pUqWuxQTq7/eY03PadcuabNqGhQFy4S
   RwyzJNNSbluBTAai8Qb0JGTjxoMZHKkHfgK9eqssSZQ5ndLeaW1D+ppZCDTOXCkS
   caAkgch+1ncwjlcKOBng5PFsrQP1CSa5/uJV32kAcyUnDCHF4X9byfpTd4D37nHE
   QZK/LxAZUX9ojDWyY0m+67kHZv5RKq4oaQBZ7Os6UlQf2pHKsFtywERuRowX5VEg
   rQOo1eemxLkhqKyIJtlDEIR2FHjZo0wrdEHiMj5HMev8Z+F0V/HjmxUs67esO/Ga
   GiyrBMFXJXzluyyOVl7lmXcF1FCVAT7K14v6NxHdwTXxwcuHylV0RTp+gedPQtbL
   aymLIVUJ26yKVzRF52bk0k/SZvw0jWFpmvMOVBrWzQjVzTbAAkYYG9IWDPH0e33I
   iSM1egBdfiGdWPsysZ2vh6iNu7nNsJSyFHKIQhJQtv6ulYz/JYRwDcszH/Hn5E0n
   0Cl56JLSVgrBDmDBD8hmSXF3SYjFWuGGk/UaJG/0DtZY91xoe4+erE/yKqLf2FJv
   gJYKwfVsbebFbX3KEyt3FfKK5e+p/xzxd8DowPc7W9G4RPPh4hjX+dBfJEhwzNYM
   3ZyZNJa59BuMTltEXpYRpDpi1xcrGeFvTA3CHpZ/3ktfr8iEtG6S4/HUnUvdvGzF
   CXgqEHH+Bvh1w2EnKmvEojloo+ohnh9BFJPZiOXlnRnlpUBKXefH5A/oos6JQm8q
   fNsGkCciuFT6mln7F2jFJ6lKV6WcjVi/oGI7Td8YKDF8FzA31Tnxki9JkzZCdrbB
   oerKiX/Gd/a6IbeD8nmqn1B5SKeH2U81GMRTEZXGAI5nZtXLycIUN2EmSeD0QLhC
   lNgMesUfYwFse7ZUpf/4CAvSFtGweZ1zLAF/3+aTJ3CCfkS7bnSQusZYEsZlfvif
   nuht/z3M3Y+qED7+YLPgXnTAgrsq5PlcNW2BrIQ4n/mv3aui7sZIndL9mFrpuhU6
   kRu9CsxvG2rOml1FHb9qU+m7yjoCMm2xMLZvwyhrdfqLfJ9q3q62v+gRpQRTEF1l
   8+UDDOPEF0fxJYdzOz7EDMOs0pWrOc67GxrEDDLHvzD5OM9GtvirKGrOP11iXIVY
   YcQ9Uw5lyvgp2+1TTku0m4dOhnF3mjVOyryAoV2DSRokmVwXUznEfWtlqJx5e4AS
   Om4WbDJTTgqe5rNnYLb1BcqnIwoj34DExdrOhvFvCw9UJGvhe4SlKSds9aGowUcf
   /QHI9iIeG2VS7GDPt59N06cK2+2FqsAjCSMMWcDETjbUCrLt++ztrm0bu1zspNfB
   3HTQMYq+dMu6t0kyS2shEr2iof2OlZEJ+V7FKHddYG2M8aBTUkdLPonGsIqs0Lp+
   HNFyDThz/ptWSI01Xi4E0fD913fef687KPzK4L8e3hJIFGUhv+H/69NLxjKPy5iX
   lpTwurR6mSkWKImNB1z3tfS/w8uJvr62BLHUywo5ea3ybs2C99KFi895b2at30gW
   qNckUPPM6sjbLWHhgZDyBGZgegMsvmjpI4qniest+bEwKASTsaoPEbQMBy99y/3K

Bashiri, et al.           Expires 17 April 2025                [Page 28]
Internet-Draft              SLH-DSA for X.509               October 2024

   L7osiiwpW6+RVTJmMRagPvDBNHcYFGVV/ih8TRaeiB3yDPW68wHugLEsV1+eya+q
   ul+3KaIHC0vPWXnebT4fouz/RxzGkTVkMRoFD1fcgJzEXTIm6JuAWCVkhQMer+5o
   /BJqzuuBhIBZx+5JDtTnoyMq8zwfS7+MGxmDtepeOGnYh0KXKJsXwkKJRzQWQqDj
   SkXSdWHQ/kC01/ktzKhSxOpF9W+2z3keCuUiZQRdb6RWWREiaeP0RPqQFZp+a0Ua
   hRgvAi7sW4cOEW/0SBlAtzcL/55RjO6Jq/tzxUNyQ4XKuL0KMnFTXo72Ese/dL5M
   M0teMnkciyTPf9CuAqgMshiREIPtdqBkH9v6rewrZdbycHOv8MxT7a4dAGcefD3y
   2BcxUHFv14iCCF1v4CGvFMS+B4vGXACBDUrTW6u+2h6n42jfFpvsFg6uLG9pJ1ri
   l7k76gq4XHemhWarviNLsCR0cmUExe82zpbCQMRwnUIvWeqTps1x6MNB1Pa5YgHf
   mkYo03/NpvFltCNOauBKKTg1/WkawFrZf6ZAwd/AGWfR8juF5IIr08BCzxoo/Ouy
   i59RfIwiLLoUbBRGMdhuw24Ikvlao2RJUQP4Rzc7pTewmIfTuNERpAOLWjuqvUFs
   6nDj2Rw9y/689uLhd3huhHveIpiQCVVbQBgjOhdGJkBC56DRcQFcK6YaYuXfkzSL
   hey0xW8eik6p8agRFssE//gFrdcrmiE3pkQYTAg3ltGx1ystzWWajHzSRZrFqCGn
   2dZ7AWSFfBG8SA76HNuVj5Hp36o+iyj4G0LTdwpNFNZ6Z2/qu1TmCl4UHRTO0ShR
   gy+f/9R4GRUcp/wTiXhr7Ng7PaRkoNNj8pp4Tgq6dv9uUIzfic5Z7hH61uFdeWtZ
   moWwRfOpco5QvVvNoRjuY4IusmTEnAd7uSnh81xW5jNTHVo+TDDmE8tu/Sid9kfD
   13QHB92igNsBiGWOrNxlYWCGhHVrsRiB/GnxR4szdJidd/QqBycTU3RS4bf3wcpK
   0oDm/7jhUHAFBdtmO/0+JCPxvPUZjuuxdZrjfDKTazN8Hwa9O6qMTznEdh6EzT6L
   8TnEcF8PQGecALlB4vKd/rtU74IoXJBoHdS6b1teHxSKsdPH25k+3m+FzK7m3A6p
   6drS7gBLz2W+7JRWwTcTlE1xoFiihM6KhgIVNC8BcXkEhyjcEoGeDe59KM9p16/R
   oTLGVRHHoooznwz54SBAcXNbYNwo0LhsBortdEyOKV0wW9Itwi223NT/q4emb7HB
   TpF2KQIvcMa2qzoYXHuZwPpYZrsbrK80Hc9ezHiA0Ew58QxFdJmKi4/mLF9v2kl/
   gOeFbrp1Cs7wL7xaDLIjo4HcPkjPGw3qO/UpzlMFjzqBBN36zxDfQS5FF3/0HjFu
   ZEhuMaHS7GH9i5ntHdsVMhGONpeWGij9bamI1/8hvUeTJ5YrzmpNw/ebrps1565P
   40fzt+preTHxx1P7H4Mcc+PrqRnRyDrc/7A5zLNfDqgcgrifTHw1MtPaiEvW/MPd
   1BOtOASoO8RKjfhphSu8lJbwx5zRhBGmL+v1anrUqUTM3MtSeIPuj/VgSaLEsDxr
   DnjJ9odqG2zyIHIYzZ0F2j2it1s5kHsStNYL69CYioBiRcCOpaiUgyXpII2k4TzK
   g/ec5ElMlFDh6Me7tOKZnHKGSucgzWH/EKlqg5LL2CHWwcDXLcFFR4UoBVZnM1b/
   9b37yXXzrPBf2ME1WN7KmOrwA/0QNZL3sTbUtfYtMlnzav6I0W7KZf3+pPinl7ji
   haw+lEM5Kgsc0byA/oGh9htYfFGyPcN0k9taMZbRh9tXmQU91G4Neote2LeLtAtx
   XfJ/RHMZaBEZfAngril2WeF+Jxf5FF7Cq4nhTCD/zv+4VVncalmmdr1mZ+lH3lxw
   GMqzlr7IDVRIbAQgmMHKKkbC5XBWJR1j75rwCtDw8SZ52mdBVQv+yjYRUQRXaUao
   wabXgasttEW38GnLE5VaVYv39inMLj514GPWcsYBuyw9Igz44PtnQTJayJzD5oyR
   RikuXj5jg76ati9CTSmeGqXw7XRlt5XOvDeWT52/8v9ldmN3MP1sz1dFsePwclJ4
   ANSd1BI0ZlW+EY3DEOnZLds21ig+k9vMPMwRlmDnLd6ekAJH3aqb17/mf55vTYj9
   feE/Uoj/1J00uHSsbRPRRLPgAZC94eOUqvObMtvmkYpqf/TN36SDi31P/eMo15/G
   ZJIFAyI4F7UOA4dzkIK8XeWD+J0l9hoTpED3SGGp8d0HmXQKzWowOADyClrI/sxM
   xE1nbT8EJNGk8IdFZUVFxn/HyvmQeXtozst60kdeBoLpU5JrfDaCexVn/UprWR+j
   9ODtx3+U/UA6vzG3mFOOLk4Vmo2MFhe2imEIypDxfpUQrgjHBYfI6anMrCxxXiqo
   W2rjLIXsHpzjwAgbFy5ysUTjqrTwWr6Tlq3ahFK8AoK+uDaIYTIGXc8gwN8HoRT4
   9Iy1WyzXrysekbbVEitoIxKO8MA4OFa0k2Xx5YBDOsSQIc4/5F7nLk9Fw+AKgTdc
   GACDhpfzamt6IKhLBHT65LiQhNpd1rRM+/GYQwSMVoYisXMGMXaKPTXkOZ64IlRm
   3oZ4mhMkVlK9tcPpZckGLr9eq8nWZZPFqcBItbuwcyM1ivGmb/gOKDPdbcJxfal7
   GCz073LFRjJlqYCR5o5X3fo4iIyJ4VB2fqCYooseWvZKND/5cAWyum5iVSliGjE7
   v3H1adlz/uQbuUaqntv8xTadTQacVBjP4rSvLrNarzKWD4nO2m4TWAsQ04Sv+SKn
   y4hntLC0JIIaen2wMluKcweQuFkTJVa17OxW5Y66l2EjaXETvrLJU6F4Jvxc/sMC
   11CVqI9ugbKi3qPaWmbiUp9vGX5JKPW0lgTCqFajH7hqYewSJeNkKvbhnvvSflrO
   8Swigch8rvtppEgTGHdtwfvaD2mNHm6TdSPvrqjxdUUWWxMdEmTkWrJXr4DgwyLI
   6WK4j6frx8TNyGSL6d7L4VKBBZwWd0vfTqp/D6jtHqyETZaGX5N/f/YqtLFPlF2z

Bashiri, et al.           Expires 17 April 2025                [Page 29]
Internet-Draft              SLH-DSA for X.509               October 2024

   jsXu5FkzarQvKWUIaq9uL4DJ/5Cm6Ts3BC1msL1FeNPe1M70Z5UuT7zvAIXPCqb1
   yH8SWAnNUo/0DLXBQHt7RsKsGXYe3Ktpk4ibTg/9JcV9fRg8XGKWDJrkr1xLgRzs
   MLygXEU7144wqKSEDhJYaJDvoQkMWzIRHc0SlNY+NwNNWs0UwSoXdSCQJmq6HXiD
   EfyUTQjuDQl1IUc29f9XQhUZ6zMQ17/qlJdB0sVnMuGOl8FYa8A8RSbWcQZ20v1s
   B/FO7xhFo7QWX0IP4t1d4C80wo5yuGmNqBEbOqkTi6Rir3M6KNzGg+fBgjPmwlL/
   uh14YdcV4LStkFrzHvTNkiki+X/tmUSu5GeiLXVPd+ILzSmALq5epYWjogkxUYKY
   Cyx6a5bvjcD1H5i09iK2IW4247sY2h0kRg1lKLZq
   -----END CERTIFICATE-----

Acknowledgments

   Much of the structure and text of this document is based on [RFC8410]
   and [I-D.ietf-lamps-dilithium-certificates].  The remainder comes
   from [I-D.draft-ietf-lamps-cms-sphincs-plus].  Thanks to those
   authors, and the ones they based their work on, for making our work
   earier.  "Copying always makes things easier and less error prone" -
   [RFC8411].

Authors' Addresses

   Kaveh Bashiri
   BSI
   Email: kaveh.bashiri.ietf@gmail.com

   Scott Fluhrer
   Cisco Systems
   Email: sfluhrer@cisco.com

   Stefan-Lukas Gazdag
   genua GmbH
   Email: ietf@gazdag.de

   Daniel Van Geest
   CryptoNext Security
   Email: daniel.vangeest@cryptonext-security.com

   Stavros Kousidis
   BSI
   Email: kousidis.ietf@gmail.com

Bashiri, et al.           Expires 17 April 2025                [Page 30]