[Cfrg] draft-mcgrew-hash-sigs - Examples

[Jim Schaad <ietf@augustcellars.com>]

I guess that the first person to try and use any test cases in a document is
always the first person to get frustrated by them.

1.  It would be nice if there was a description for what each test case
allows one to do.  I think the answer is that Test Case 1 can only be used
to test the validation code and get either a success or a failure answer.
No intermediate values to help in the event of a fail.    I think that Test
Case 2 was supposed to allow for testing both creation and validation of the
example but important information seems to be missing from the test case.

2.  Test case #2 appears to have private seeds for generating of private
keys.  However there is only a single seed and a single identifier which I
assume is for the first HSS layer.  This does not have the needed seeds to
generate the second HSS layer and the LMS layer unless you have violated the
main document by chaining the key generation across the different LMS trees.

3.  I have a confusion that I think has been brought on by Russ as part of
his CMS draft where he is using the term standalone HSS tree and I am
getting more confused by that but I think I see where that is going and why
it is not mentioned in this document.  

4.  Having a couple more introductory or intermediate examples would have
been helpful.  Thus there is an example of getting an LMS public key, but
not a case of - here is the private key and message and this is the LMOTS
signature that results - completely standalone.  (Although it could be
inferred from the second test case if the extra intermediate values
existed.)  This makes it easier to test things from the bottom up rather
than from the top down.   Given a tree private key root value, the private
key of a node at Q, the public key and a signature computed from that would
allow for the best possible set of data for testing short of a complete set
of intermediate values.

Jim