Re: [PATCH v11 3/8] pkcs7, x509: Add ML-DSA support

Next message: Joel Granados: "Re: linux-next: build warnings after merge of the sysctl tree"
Previous message: Kurt Borja: "[PATCH v3 0/7] iio: core: Introduce cleanup.h support for mode locks"
In reply to: Eric Biggers: "Re: [PATCH v11 3/8] pkcs7, x509: Add ML-DSA support"
Next in thread: David Howells: "Re: [PATCH v11 3/8] pkcs7, x509: Add ML-DSA support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Eric Biggers

Date: Tue Jan 06 2026 - 03:22:51 EST

On Tue, Jan 06, 2026 at 12:02:51AM -0800, Eric Biggers wrote:
> For simplicity and to avoid this issue entirely, I suggest just allowing
> SHA-512 only. That's the only one that RFC 9882 says MUST be supported
> with ML-DSA.

That being said, this is only applicable for the case where signed
attributes are used. If you can get the other case working properly and
just support that case, where the real user message is what is passed to
ML-DSA, that would also avoid this issue and be much simpler.

- Eric