Joe: Thanks for the careful review. > Reviewer: Joe Clarke > Review result: Ready Good to hear. > I have been assigned to review this document as part of the ops directorate. > This document describes conventions for using the HSS/LMS with CMS. Overall, > this document is well-written, and I appreciate the considerations around > signing size and computation in the introduction. This will help operators > properly evaluate the use of this algorithm. I did find a few small nits. One > thing that struck me on the first read is that you have to get to the > Introduction before HSS/LMS are expanded whereas CMS is expanded in the > abstract. Might I suggest you expand HSS and LMS in the abstract as well? I have done so: This document specifies the conventions for using the Hierarchical Signature System (HSS) / Leighton-Micali Signature (LMS) hash-based signature algorithm with the Cryptographic Message Syntax (CMS). In addition, the algorithm identifier and public key syntax are provided. The HSS/LMS algorithm is one form of hash-based digital signature; it is described in RFC 8554. I have also expanded it in the first sentence of the Introduction. > Other nits: > > Abstract: > > s/for using the the HSS/LMS/for using the HSS/LMS/ No longer relevant with the revised Abstract above. > === > > Section 2.3: > > s/When this object identifier is used for a HSS/LMS/When this object identifier > is used for an HSS/LMS/ This is in Section 3, right? If so, fixed. > === > > Section 6: > > s/cause an one-time key/cause a one-time key/ > > s/When generating a LMS key pair/When generating an LMS key pair/ Both fixed. Russ
