Fix ANS.1

Depends on lamps-wg/kyber-certificates#47 but that can happen in parallel.
lamps-wg · Oct 11, 2024 · 02a053e · 02a053e
1 parent 618b4c9
commit 02a053e
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 7 deletions.
diff --git a/CMS-KYBER-2024.asn b/CMS-KYBER-2024.asn
@@ -22,9 +22,18 @@ IMPORTS
     FROM CMSAesRsaesOaep-2009
        { iso(1) member-body(2) us(840) rsadsi(113549)
        pkcs(1) pkcs-9(9) smime(16) modules(0)
-       id-mod-cms-aes-02(38) };
+       id-mod-cms-aes-02(38) }
 
--- ML-KEM Algorithm
+  id-alg-ml-kem-512, id-alg-ml-kem-768, id-alg-ml-kem-1024,
+  pk-ml-kem-512, pk-ml-kem-768, pk-ml-kem-1024
+    FROM X509-ML-KEM-2024
+       { iso(1) identified-organization(3) dod(6)
+         internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
+         id-mod-x509-ml-kem-2024(TBD2) };
+
+--
+-- ML-KEM Key Encapsulation Mechanism Algorithms
+--
 
 kema-ml-kem-512 KEM-ALGORITHM ::= {
    IDENTIFIER id-alg-ml-kem-512

diff --git a/draft-ietf-lamps-cms-kyber.md b/draft-ietf-lamps-cms-kyber.md
@@ -244,7 +244,7 @@ The SMIMECapability SEQUENCE representing the ML-KEM algorithm MUST include one
 
 # Identifiers {#sec-identifiers}
 
-All identifiers used by ML-KEM in CMS are defined elsewhere but reproduced here for convenience:
+All identifiers used to indicate ML-KEM within CMS are defined elsewhere but reproduced here for convenience:
 
 ~~~
   nistAlgorithms OBJECT IDENTIFIER ::= { joint-iso-ccitt(2)
@@ -306,9 +306,7 @@ Parties MAY gain assurance that implementations are correct through formal imple
 
 # IANA Considerations {#sec-iana-considerations}
 
-None.
-
-Within the CMS, algorithms are identified by object identifiers (OIDs). All of the OIDs used in this document were assigned in other IETF documents, in ISO/IEC standards documents, or by the National Institute of Standards and Technology (NIST).
+For the ASN.1 Module in {{asn1}}, IANA is requested to assign an object identifier (OID) for the module identifier (TBD1) with a Description of "id-mod-cms-ml-kem-2024". The OID for the module should be allocated in the "SMI Security for S/MIME Module Identifier" registry (1.2.840.113549.1.9.16.0).
 
 <!-- End of iana-considerations section -->
 
@@ -322,7 +320,9 @@ Thanks to Carl Wallace and Jonathan Hammel for the detailed review and Carl Wall
 
 --- back
 
-# ASN.1 Module
+# ASN.1 Module {#asn1}
+
+RFC EDITOR: Please replace TBD2 with the value assigned by IANA during the publication of [I-D.ietf-lamps-kyber-certificates].
 
 ~~~
 <CODE BEGINS>