Should we use the context String for the underlying ED448 and X25519 algorithms #64
Comments
Bring up to the mailing list or in the 121 presentation.
Both RFC8410 (EdDSA in X.509) and RFC8419 (EdDSA in CMS) say explicitly that the context string is not used. Since currently X.509 and CMS do not use the context string of EdDSA, then the most backwards compatible thing is to maintain that behaviour for the EdDSA component. I think that maintaining the backwards compat on the traditional component is more important than increasing its security above the security that EdDSA has today.
Re-opening issue in light of #79
We are using the Domain as a context String for ML-DSA.
We can't use the Domain as the context for RSA or ECDSA, as those algorithms don't take a context string.
However, ED448 and X25519 do use a context String and could be used.
That would likely give us SUF security for those algorithm combinations.