Description
I have the following comment on PKCS #11 v3.2 Committee Specification Draft 01:
In line 16633 it says about ML-DSA:
"Verification is only for single part verifications or multipart verifications when the C_VerifySignatureInit interface is used"
This requires the signature to be set before the message is provided. This seems like an unnecessary restriction, since ML-DSA signature verification doesn't require any element of the signature before consuming the message, if I am not mistaken.
Streaming the message is thus not possible for protocols that send the signature after the message.
Separately:
CKA_COPYABLE
Agree this is an error. Is this a typo we can fix in v3.2? It is a typo, but it seems to be out of scope for just editorial. If you make it copyable, it could be a security issue. Even if we do not say it in the spec, most likely someone would not do that. Should consider fixing for 3.3.
- That is correct, it does not require it. But this may be an inconsistency that we can fix as an editorial. No concerns with fixing this as editorial.
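The claim in the description, that ML-DSA can consume the message before it sees any part of the signature, can be illustrated with the message-representative step from FIPS 204. The following is an added example written for this issue; it is not code from the PKCS #11 specification or the project. It assumes the FIPS 204 definitions tr = SHAKE256(pk, 64 bytes) and mu = SHAKE256(tr || 0x00 || len(ctx) || ctx || M, 64 bytes) for pure ML-DSA, and it leaves the signature-dependent lattice check to a caller-supplied callable (`check_signature`, a hypothetical injection point) because that part needs a full ML-DSA implementation. A pk, message and context are constructed inline.

```python
import hashlib
from typing import Callable, Iterable


def mldsa_tr(pk: bytes) -> bytes:
    """FIPS 204: tr is a 64-byte SHAKE256 hash of the public key only."""
    return hashlib.shake_256(pk).digest(64)


class StreamingMu:
    """Absorbs the message incrementally; no signature material is needed.

    mu = SHAKE256(tr || 0x00 || len(ctx) || ctx || M) per FIPS 204 (pure ML-DSA,
    domain separator 0). The prefix depends only on pk and ctx, so the message
    can be streamed chunk by chunk and the signature supplied afterwards.
    """

    def __init__(self, pk: bytes, ctx: bytes = b"") -> None:
        if len(ctx) > 255:
            raise ValueError("ML-DSA context string is limited to 255 bytes")
        self._h = hashlib.shake_256()
        self._h.update(mldsa_tr(pk))
        self._h.update(b"\x00" + bytes([len(ctx)]) + ctx)

    def update(self, chunk: bytes) -> None:
        self._h.update(chunk)

    def finalize(self) -> bytes:
        return self._h.digest(64)


def mu_one_shot(pk: bytes, msg: bytes, ctx: bytes = b"") -> bytes:
    """Reference computation of mu over the whole message at once."""
    s = StreamingMu(pk, ctx)
    s.update(msg)
    return s.finalize()


def verify_message_first(pk: bytes, chunks: Iterable[bytes], signature: bytes,
                         check_signature: Callable[[bytes, bytes, bytes], bool],
                         ctx: bytes = b"") -> bool:
    """Message-first flow: stream M, then apply the signature at the end.

    check_signature(pk, mu, signature) is the signature-dependent part of
    ML-DSA.Verify (hypothetical callable, supplied by a real implementation).
    Nothing from `signature` is touched until the message has been consumed,
    which is what a C_VerifyInit/Update/Final style API would need.
    """
    s = StreamingMu(pk, ctx)
    for chunk in chunks:
        s.update(chunk)
    mu = s.finalize()
    return check_signature(pk, mu, signature)


def bytes_buffered_if_signature_first(chunks: Iterable[bytes]) -> int:
    """Cost of adapting a message-first protocol to a signature-first API
    (C_VerifySignatureInit): the caller must hold the whole message until the
    trailing signature arrives. Returns the number of bytes that must be kept."""
    return sum(len(c) for c in chunks)


if __name__ == "__main__":
    # Constructed sample values (not a real ML-DSA key or signature).
    pk = b"\x01" * 1312
    msg = b"protocol payload followed by a trailing signature " * 20
    chunks = [msg[i:i + 100] for i in range(0, len(msg), 100)]
    print(mu_one_shot(pk, msg).hex())
    print("buffered if signature-first:", bytes_buffered_if_signature_first(chunks))
```

The `mu` produced by `StreamingMu` over chunks equals `mu_one_shot` over the joined message, which is the property that makes a message-first verify sequence possible for ML-DSA; with a signature-first API the same protocol has to buffer the full message instead.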