Raef Coles | 8ff6df5 | 2021-07-21 12:42:15 +0100

Features
   * Add the LMS post-quantum-safe stateful-hash asymmetric signature scheme
     as defined in RFC8554 and NIST SP 800-208. This currently only supports
     one parameter set (LMS_SHA256_M32_H10), meaning that each private key can
     be used to sign 1024 messages. As such, it is not intended for use in TLS,
     but instead for verification of assets transmitted over an insecure
     channel, particularly firmware images. This is one of the signature
     schemes recommended by the IETF draft SUIT standard for IoT firmware
     upgrades (RFC9019).
   * Add the LM-OTS post-quantum-safe one-time signature scheme, which is
     required for LMS. This can be used independently, but each key can only be
     used to sign one message, so it is impractical for most circumstances.