Hi Russ, Thanks for your instantaneous response. Your proposed changes resolve my comments. Thanks, Donald =============================== Donald E. Eastlake 3rd +1-508-333-2270 (cell) 2386 Panoramic Circle, Apopka, FL 32703 USA d3e3e3@xxxxxxxxx On Tue, Aug 13, 2024 at 11:11 AM Russ Housley <housley@xxxxxxxxxxxx> wrote: > > Donald: > > Thanks for the review. > > > All my comments below are minor to very minor. > > > > Section 6, Security Considerations, 1st paragraph. Why is it that > > compromise of the private keys only "may" lead to the ability to > > forge? "May" seems right for something like "result in forged > > signatures" but doesn't compromise of the private key lead pretty > > certainly to the *ability* to forge a signature? > > I changed "may" to "will" in my edit buffer. > > > Somehow the presence of "non-volatile" is a bit jarring. I understand > > that you are talking about exceptional problems but perhaps it would > > be good to also say the "volatile" storage must not be used? > > I do not agree. NIST has a specification of HSS/LMS that prohibits backup, and some vendors are pushing back against that wording. Here, I have tried to explain the consequences of various implementation choices without imposing any specific requirements. > > > Section 1.3, 3rd paragraph: Would it be reasonable to add just before > > the comma in the first sentence "but on the difficulty of finding > > pre-images of a strong hash function" or something like that? While I > > believe it, is there a reference for the "considered to be > > post-quantum secure" statement? > > How about: > > Since the HSS/LMS signature algorithm does not depend on the > difficulty of discrete logarithms or factoring, but on a > second-preimage-resistant cryptographic hash function, the HSS/LMS > signature algorithm is considered to be post-quantum secure. > > Section 1.1 of RFC 8554 contains a CFRG Note on Post-Quantum Cryptography. Given the vast number of references to this RFC, I think that part is covered. > > > Section 2.1, last sentence: While it is somewhat a matter of taste, > > arguably, except in the most surprising cases, the words "Note that" > > are mostly superfluous noise. (Ditto for two more "Note that"s in > > Section 4.) > > Agree. However, it seems awkward to start a sentence with the name of a variable. > > I will remove the ones in Section 3.3 and Section 4. > > Russ -- last-call mailing list -- last-call@xxxxxxxx To unsubscribe send an email to last-call-leave@xxxxxxxx
