IETF Last Call Review of draft-ietf-lamps-kyber-certificates-10
review-ietf-lamps-kyber-certificates-10-genart-lc-knodel-2025-06-09-00

I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair.  Please treat these comments just
like any other last call comments.

For more information, please see the FAQ at

<https://wiki.ietf.org/en/group/gen/GenArtFAQ>.

Document: draft-ietf-lamps-kyber-certificates-??
Reviewer: Mallory Knodel
Review Date: 2025-06-09
IETF LC End Date: 2025-06-06
IESG Telechat date: Not scheduled for a telechat

Summary: The draft defines how ML-KEM is represented in X.509. It defines
algorithm identifiers, public- and private-key structures, key-usage semantics,
and provides examples. It's certainly thorough, and follows related RFCs well.

Major issues: None.

Minor issues: None.

Nits/editorial comments:

 * Suggest slight rewrite for the second of the two sentences in Section 5: "If
 the keyUsage extension is present in a certificate that indicates
 id-alg-ml-kem-* in the SubjectPublicKeyInfo, then the keyEncipherment bit MUST
 be the only key usage set."

 * Section 8: Private Key Consistency TESTING

 * Section 9: Suggest pulling in simply the headings or abstract of what is
 included in draft-sfluhrer-cfrg-ml-kem-security-considerations, making this
 paragraph just one sentence longer, which could help the reader to know on the
 order of what security considerations might be explained further.

 * Each subsection of Appendix C has repeated text that could be placed in the
 stacked head of that section. Furthermore one might use that intro text space
 before each subsection to point out anything that the reader might want to
 know or not be able to spot when holding them side-by-side. So, rather tell
 then show. Or, both show and tell, please. For readability and utility to the
 reader.

Thanks for the great work!