Protocol Action: 'Composite Module-Lattice-Based Digital Signature Algorithm (ML-DSA) for use in X.509 Public Key Infrastructure' to Proposed Standard (draft-ietf-lamps-pq-composite-sigs-19.txt)

The IESG <iesg-secretary@ietf.org> Wed, 22 April 2026 16:37 UTC

MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Subject: Protocol Action: 'Composite Module-Lattice-Based Digital Signature Algorithm (ML-DSA) for use in X.509 Public Key Infrastructure' to Proposed Standard (draft-ietf-lamps-pq-composite-sigs-19.txt)
Auto-Submitted: auto-generated
Precedence: bulk
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Message-ID: <177687584750.1107611.925632837638542667@dt-datatracker-b45949c58-5szpr>
Date: Wed, 22 Apr 2026 09:37:27 -0700
Message-ID-Hash: ZD7IRU7EKSCFW26LBKLXPID6DRPO2YHH
CC: The IESG <iesg@ietf.org>, draft-ietf-lamps-pq-composite-sigs@ietf.org, lamps-chairs@ietf.org, rfc-editor@rfc-editor.org, spasm@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-announce/dasQWwmYvRRs2oap1pm1QDTc-aQ>

The IESG has approved the following document:
- 'Composite Module-Lattice-Based Digital Signature Algorithm (ML-DSA)
   for use in X.509 Public Key Infrastructure'
  (draft-ietf-lamps-pq-composite-sigs-19.txt) as Proposed Standard

This document is the product of the Limited Additional Mechanisms for PKIX
and SMIME Working Group.

The IESG contact persons are Christopher Inacio and Deb Cooley.

A URL of this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-lamps-pq-composite-sigs/




Technical Summary

   The advent of quantum computing poses a significant threat to current
   cryptographic systems.  Traditional cryptographic signature
   algorithms such as RSA, DSA and its elliptic curve variants are
   vulnerable to quantum attacks.  During the transition to post-quantum
   cryptography (PQC), there is considerable uncertainty regarding the
   robustness of both existing and new cryptographic algorithms.  While
   we can no longer fully trust traditional cryptography, we also cannot
   immediately place complete trust in post-quantum replacements until
   they have undergone extensive scrutiny and real-world testing to
   uncover and rectify both algorithmic weaknesses as well as 
   implementation flaws across all the new implementations.   

   This document defines combinations of ML-DSA [FIPS.204] in hybrid
   with traditional algorithms RSASSA-PKCS1-v1.5, RSASSA-PSS, ECDSA,
   Ed25519, and Ed448.  These combinations are tailored to meet
   regulatory guidelines.  Composite ML-DSA is applicable in
   applications that uses X.509 or PKIX data structures that accept ML-
   DSA, but where the operator wants extra protection against breaks or
   catastrophic bugs in ML-DSA, and where EUF-CMA-level security is
   acceptable.

Working Group Summary

   There was a lot of debate, and many people asked for fewer combinations, but
   in the end there were people that want each of the combinations that are
   specified.

   There is one IPR disclosure exists: https://datatracker.ietf.org/ipr/4761/

Document Quality

   There is no Yang, MIB, or Media types.

   ASN.1 is used.  Once a placeholder values are inserted for the module 
   identifier and the algorithm identifiers that will be assigned by IANA,
   the ASN.1 module compiles without error.

   There is a downref to [RFC5915, and [RFC5639].  The IESG is asked to call
   out these downrefs in the IETF Last Call, and then add them to the downref
   registry.

Personnel

   The Document Shepherd for this document is Russ Housley. The Responsible
   Area Director is Deb Cooley.

Protocol Action: 'Composite Module-Lattice-Based … The IESG