Best regards / Viele Grüße,
Dieter
Dear Francois,
we appreciate your feedback and comments to our work on PKCS#11 specification v3.2, thank you.
From your first comments, I understand you have been looking at working draft 07? The latest published working draft 08 https://groups.oasis-open.org/higherlogic/ws/public/document?document_id=72453&wg_id=922ef643-1e10-4d65-a5ea-018dc7d3f0a4 includes the CKA_SEED attribute in sections 6.67.3 and 6.68.3, and object IDs and wording for wrapping ML-DSA/ML-KEM keys in section 6.7.
I am currently editing working draft 09. In this revision, I will include the term KEM in the Definitions section, swap the order of CKA_SEED and CKA_VALUE in the sample code in 6.67.3 / 6.68.3, and fix the references [FIPS 203] and [FIPS 204].
I copy our TC email list OASIS-pkcs11@ConnectedCommunity.org in order to have your feedback and any further discussion archived there as well.
Finally I would recommend for the latest draft of PKCS#11 v.3.2 that the acronym KEM should be defined under the section 1.1.
As for the sample templates under the sections 6.67.3 and 6.68.3, I have noted tgat CK_BYTE value[] and CK_BYTE seed[] do not appear in the same order as CKA_SEED and CKA_VALUE, which appear just below. Based on the proposed ASN.1 specification for the private key and for consistency, I would recommend that CK_BYTE seed[] should probably appear before CK_BYTE value[].
Could someone please confirm that you indeed have received my comments?
Best regards,
Francois Rousseau
I am sorry for the multiple emails, but I have also noted in the latest draft of PKCS#11 v3.2 that the Appendix A.1 incorrectly refers to FIPS 203 for the Module-Lattice-Based Digital Signature Standard and FIPS 204 for the Module-Lattice-Based Key-Encapsulation Mechanism Standard, when in reality it is actually the reverse.
In addition, I have also noted that the first paragraph of Section 6.7 of the latest draft of PKCS#11 v3.2 fails to mention the use of secret keys for wrapping and unwrapping the ML-DSA and ML-KEM private keys.
For your consideration,
Francois Rousseau
Hi Dieter and Greg,
I have just recently noted in the latest draft of PKCS#11 v3.2, which was shared yesterday by Viktor in his email to the LAMPS working group for the Request to Extend IETF WGLC for ML-KEM and ML-DSA private key format Specification, that the third paragraph under the sections 6.67.4 and 6.68.4 of PKCS#11 both fails to mention the CKA_SEED attribute as part of the attributes to the new private key, which seems inconsistent. Am I missing something?
Best regards,
Francois Rousseau
Utimaco IS GmbH
Germanusstr. 4, D.52080 Aachen, Germany, Tel: +49-241-1696-0, www.utimaco.com
Seat: Aachen – Registergericht Aachen HRB 18922
VAT ID No.: DE 815 496 496
Managing Directors: Stefan Auerbach, Hacan Tiwemark
You will find our data protection information for customers and business partners here.
This communication is confidential. If you are not the intended recipient, any use, interference with, disclosure or copying of this material is unauthorised and prohibited. Please inform us immediately and destroy the email.