Skip to content

Fix Composite ML-DSA OIDs #118795

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 15, 2025
Merged

Fix Composite ML-DSA OIDs #118795

merged 1 commit into from
Aug 15, 2025

Conversation

@MackinnonBuck
Copy link
Member

Fixes the OIDs for Composite ML-DSA to match what's described in https://datatracker.ietf.org/doc/draft-ietf-lamps-pq-composite-sigs/

Originally spotted by @BrennanConroy in dotnet/aspnetcore#63280

Copilot AI review requested due to automatic review settings August 15, 2025 19:19
Copilot AI reviewed Aug 15, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR fixes the OID (Object Identifier) values for Composite ML-DSA (Machine Learning Digital Signature Algorithm) constants to match the official specification in the IETF draft for post-quantum composite signatures.

  • Updates all ML-DSA composite signature OIDs to include an additional ".1" segment in their identifiers
  • Corrects 18 different ML-DSA variant OIDs to align with the standardized format

@MackinnonBuck MackinnonBuck mentioned this pull request Aug 15, 2025
Merged
@dotnet-policy-service
Copy link
Contributor

Tagging subscribers to this area: @dotnet/area-system-security, @bartonjs, @vcsjones
See info in area-owners.md if you want to be subscribed.

@PranavSenthilnathan PranavSenthilnathan added this to the 10.0.0 milestone Aug 15, 2025
PranavSenthilnathan
PranavSenthilnathan approved these changes Aug 15, 2025
View reviewed changes
Copy link
Member

@PranavSenthilnathan PranavSenthilnathan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch @BrennanConroy and @MackinnonBuck! These aren't being tested currently since PKCS8 and SPKI support hasn't been fully implemented yet.

@build-analysis build-analysis bot mentioned this pull request Aug 15, 2025
Open
@bartonjs
Copy link
Member

/ba-g known failure (#118770, already fixed)

@bartonjs bartonjs merged commit 6edbc50 into main Aug 15, 2025
86 of 89 checks passed
@bartonjs bartonjs deleted the mbuck/fix-oids branch August 15, 2025 23:00
@vcsjones vcsjones modified the milestones: 10.0.0, 11.0.0 Aug 16, 2025
@vcsjones
Copy link
Member

@PranavSenthilnathan @bartonjs it looks like this missed the 10.0 snap. If we want this in 10 it needs to be back ported.

@PranavSenthilnathan
Copy link
Member

@PranavSenthilnathan @bartonjs it looks like this missed the 10.0 snap. If we want this in 10 it needs to be back ported.

This recently got pulled in with #118812, so not needed anymore.

@github-actions github-actions bot locked and limited conversation to collaborators Sep 16, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

Copilot code review Copilot Copilot left review comments

@bartonjs bartonjs bartonjs approved these changes

@PranavSenthilnathan PranavSenthilnathan PranavSenthilnathan approved these changes

Assignees

@MackinnonBuck MackinnonBuck

Labels

area-System.Security

Projects

None yet

Milestone

11.0.0

Development

Successfully merging this pull request may close these issues.

5 participants

@MackinnonBuck @bartonjs @vcsjones @PranavSenthilnathan