Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-64738

Support ML-DSA signatures in TLS in NSS

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • No
    • Low
    • 1
    • rhel-security-crypto
    • ssg_security
    • 23
    • 26
    • 6
    • False
    • False
    • Hide

      None

      Show
      None
    • Yes
    • Crypto25August
    • Hide

      1. A self signed ML-DSA certificate can be used by NSS server and NSS client can establish a successful connection to it
      2. An NSS server can be used with a typical certificate chain (CA, subCA, server cert), and NSS client can establish a successful connection to it.
      3. Client certificate based authentication with ML-DSA keys and certificates works
      4. Interoperability with OpenSSL (as both server or client) is tested
      5. All three key sizes: ML-DSA-44, ML-DSA-65, and ML-DSA-87 are tested.
      6. Interoperability of private keys with OpenSSL (through PKCS#12) is verified

      Show
      1. A self signed ML-DSA certificate can be used by NSS server and NSS client can establish a successful connection to it 2. An NSS server can be used with a typical certificate chain (CA, subCA, server cert), and NSS client can establish a successful connection to it. 3. Client certificate based authentication with ML-DSA keys and certificates works 4. Interoperability with OpenSSL (as both server or client) is tested 5. All three key sizes: ML-DSA-44, ML-DSA-65, and ML-DSA-87 are tested. 6. Interoperability of private keys with OpenSSL (through PKCS#12) is verified
    • Pass
    • Automated
    • Feature
    • Hide
      .NSS supports ML-DSA keys

      With this update, the Network Security Services (NSS) database now supports using Module-Lattice-Based Digital Signature Algorithm (ML-DSA) keys. ML-DSA is a new signing algorithm approved by the National Institute of Standards and Technology (NIST) as resistant to attacks from a Cryptographically Relevant Quantum Computer (CRQC).
      Show
      .NSS supports ML-DSA keys With this update, the Network Security Services (NSS) database now supports using Module-Lattice-Based Digital Signature Algorithm (ML-DSA) keys. ML-DSA is a new signing algorithm approved by the National Institute of Standards and Technology (NIST) as resistant to attacks from a Cryptographically Relevant Quantum Computer (CRQC).
    • Done
    • None

      NSS should support use of ML-DSA certificates in TLS.

      https://github.com/bwesterb/tls-mldsa

              hkario@redhat.com Alicja Kario
              hkario@redhat.com Alicja Kario
              Robert Relyea Robert Relyea
              Alicja Kario Alicja Kario
              Jan Fiala Jan Fiala
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated:
                Resolved: