From 2c11c28a851fe62c59f079a4c5970e9fc967ae8f Mon Sep 17 00:00:00 2001
From: ID Bot <idbot@example.com>
Date: Wed, 20 Dec 2023 14:53:06 +0000
Subject: [PATCH] Script updating gh-pages from eb09f31. [ci skip]

---
 .../draft-ietf-lamps-kyber-certificates.txt   |  415 -----
 ...urner-lamps-nist-pqc-kem-certificates.html | 1576 ----------------
 ...turner-lamps-nist-pqc-kem-certificates.txt |  354 ----
 index.html                                    |   46 +-
 .../draft-ietf-lamps-kyber-certificates.html  | 1633 ----------------
 ...urner-lamps-nist-pqc-kem-certificates.html | 1576 ----------------
 ...turner-lamps-nist-pqc-kem-certificates.txt |  354 ----
 seanturner-asides/index.html                  |   50 -
 .../draft-ietf-lamps-kyber-certificates.html  | 1635 -----------------
 .../draft-ietf-lamps-kyber-certificates.txt   |  415 -----
 seanturner-md-fix/index.html                  |   50 -
 .../draft-ietf-lamps-kyber-certificates.html  |  121 +-
 .../draft-ietf-lamps-kyber-certificates.txt   |   86 +-
 ...urner-lamps-nist-pqc-kem-certificates.html |   24 +-
 ...turner-lamps-nist-pqc-kem-certificates.txt |    6 +-
 .../index.html                                |   10 +-
 16 files changed, 137 insertions(+), 8214 deletions(-)
 delete mode 100644 draft-ietf-lamps-kyber-certificates-02/draft-ietf-lamps-kyber-certificates.txt
 delete mode 100644 draft-ietf-lamps-kyber-certificates-02/draft-turner-lamps-nist-pqc-kem-certificates.html
 delete mode 100644 draft-ietf-lamps-kyber-certificates-02/draft-turner-lamps-nist-pqc-kem-certificates.txt
 delete mode 100644 seanturner-asides/draft-ietf-lamps-kyber-certificates.html
 delete mode 100644 seanturner-asides/draft-turner-lamps-nist-pqc-kem-certificates.html
 delete mode 100644 seanturner-asides/draft-turner-lamps-nist-pqc-kem-certificates.txt
 delete mode 100644 seanturner-asides/index.html
 delete mode 100644 seanturner-md-fix/draft-ietf-lamps-kyber-certificates.html
 delete mode 100644 seanturner-md-fix/draft-ietf-lamps-kyber-certificates.txt
 delete mode 100644 seanturner-md-fix/index.html
 rename {draft-ietf-lamps-kyber-certificates-02 => seanturner-name-change}/draft-ietf-lamps-kyber-certificates.html (92%)
 rename {seanturner-asides => seanturner-name-change}/draft-ietf-lamps-kyber-certificates.txt (85%)
 rename {seanturner-md-fix => seanturner-name-change}/draft-turner-lamps-nist-pqc-kem-certificates.html (99%)
 rename {seanturner-md-fix => seanturner-name-change}/draft-turner-lamps-nist-pqc-kem-certificates.txt (98%)
 rename {draft-ietf-lamps-kyber-certificates-02 => seanturner-name-change}/index.html (78%)

diff --git a/draft-ietf-lamps-kyber-certificates-02/draft-ietf-lamps-kyber-certificates.txt b/draft-ietf-lamps-kyber-certificates-02/draft-ietf-lamps-kyber-certificates.txt
deleted file mode 100644
index e4dfe0b..0000000
--- a/draft-ietf-lamps-kyber-certificates-02/draft-ietf-lamps-kyber-certificates.txt
+++ /dev/null
@@ -1,415 +0,0 @@
-
-
-
-
-LAMPS                                                          S. Turner
-Internet-Draft                                                     sn3rd
-Intended status: Standards Track                           P. Kampanakis
-Expires: 25 April 2024                                        J. Massimo
-                                                                     AWS
-                                                           B. Westerbaan
-                                                              Cloudflare
-                                                         23 October 2023
-
-
-  Internet X.509 Public Key Infrastructure - Algorithm Identifiers for
-                                 Kyber
-               draft-ietf-lamps-kyber-certificates-latest
-
-Abstract
-
-   Kyber is a key-encapsulation mechanism (KEM).  This document
-   specifies algorithm identifiers and ASN.1 encoding format for Kyber
-   in public key certificates.  The encoding for public and private keys
-   are also provided.
-
-   \ [EDNOTE: This document is not expected to be finalized before the
-   NIST PQC Project has standardized PQ algorithms.  This specification
-   will use object identifiers for the new algorithms that are assigned
-   by NIST, and will use placeholders until these are released.
-
-About This Document
-
-   This note is to be removed before publishing as an RFC.
-
-   The latest revision of this draft can be found at https://lamps-
-   wg.github.io/kyber-certificates/#go.draft-ietf-lamps-kyber-
-   certificates.html.  Status information for this document may be found
-   at https://datatracker.ietf.org/doc/draft-ietf-lamps-kyber-
-   certificates/.
-
-   Discussion of this document takes place on the Limited Additional
-   Mechanisms for PKIX and SMIME (lamps) Working Group mailing list
-   (mailto:spasm@ietf.org), which is archived at
-   https://mailarchive.ietf.org/arch/browse/spasm/.  Subscribe at
-   https://www.ietf.org/mailman/listinfo/spasm/.
-
-   Source for this draft and an issue tracker can be found at
-   https://github.com/lamps-wg/kyber-certificates.
-
-Status of This Memo
-
-   This Internet-Draft is submitted in full conformance with the
-   provisions of BCP 78 and BCP 79.
-
-   Internet-Drafts are working documents of the Internet Engineering
-   Task Force (IETF).  Note that other groups may also distribute
-   working documents as Internet-Drafts.  The list of current Internet-
-   Drafts is at https://datatracker.ietf.org/drafts/current/.
-
-   Internet-Drafts are draft documents valid for a maximum of six months
-   and may be updated, replaced, or obsoleted by other documents at any
-   time.  It is inappropriate to use Internet-Drafts as reference
-   material or to cite them other than as "work in progress."
-
-   This Internet-Draft will expire on 25 April 2024.
-
-Copyright Notice
-
-   Copyright (c) 2023 IETF Trust and the persons identified as the
-   document authors.  All rights reserved.
-
-   This document is subject to BCP 78 and the IETF Trust's Legal
-   Provisions Relating to IETF Documents (https://trustee.ietf.org/
-   license-info) in effect on the date of publication of this document.
-   Please review these documents carefully, as they describe your rights
-   and restrictions with respect to this document.  Code Components
-   extracted from this document must include Revised BSD License text as
-   described in Section 4.e of the Trust Legal Provisions and are
-   provided without warranty as described in the Revised BSD License.
-
-Table of Contents
-
-   1.  Introduction
-     1.1.  ASN.1 and Kyber Identifiers
-     1.2.  Applicability Statement
-   2.  Conventions and Definitions
-   3.  Algorithm Identifiers
-   4.  Kyber Public Key Identifiers
-   5.  Subject Public Key Fields
-   6.  Private Key Format
-   7.  ASN.1 Module
-   8.  Security Considerations
-   9.  IANA Considerations
-   10. References
-     10.1.  Normative References
-     10.2.  Informative References
-   Acknowledgments
-   Authors' Addresses
-
-1.  Introduction
-
-   Kyber is a key-encapsulation mechanism (KEM) standardized by the US
-   NIST PQC Project [PQCProj].  This document specifies the use of the
-   Kyber algorithm at three security levels: Kyber512, Kyber768, and
-   Kyber1024, in X.509 public key certificates; see [RFC5280].  Public
-   and private key encodings are also specified.
-
-1.1.  ASN.1 and Kyber Identifiers
-
-   An ASN.1 module [X680] is included for reference purposes.  Note that
-   as per [RFC5280], certificates use the Distinguished Encoding Rules;
-   see [X690].  Also note that NIST defined the object identifiers for
-   the Kyber algorithms in an ASN.1 modulle; see (TODO insert
-   reference).
-
-1.2.  Applicability Statement
-
-   Kyber certificates are used in protocols where the public key is used
-   to generate and encapsulate a shared secret used to derive a
-   symmetric key used to encrypt a payload; see [I-D.ietf-lamps-kyber].
-   To be used in TLS, Kyber certificates could only be used as end-
-   entity identity certificates and would require significant updates to
-   the protocol; see [I-D.celi-wiggers-tls-authkem].
-
-2.  Conventions and Definitions
-
-   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
-   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
-   "OPTIONAL" in this document are to be interpreted as described in
-   BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
-   capitals, as shown here.
-
-3.  Algorithm Identifiers
-
-   Certificates conforming to [RFC5280] can convey a public key for any
-   public key algorithm.  The certificate indicates the algorithm
-   through an algorithm identifier.  An algorithm identifier consists of
-   an object identifier and optional parameters.
-
-   The AlgorithmIdentifier type, which is included herein for
-   convenience, is defined as follows:
-
-    AlgorithmIdentifier{ALGORITHM-TYPE, ALGORITHM-TYPE:AlgorithmSet} ::=
-      SEQUENCE {
-        algorithm   ALGORITHM-TYPE.&id({AlgorithmSet}),
-        parameters  ALGORITHM-TYPE.
-                      &Params({AlgorithmSet}{@algorithm}) OPTIONAL
-      }
-
-      |  : The above syntax is from [RFC5912] and is compatible with the
-      |  2021 ASN.1 syntax [X680].
-
-   The fields in AlgorithmIdentifier have the following meanings:
-
-   *  algorithm identifies the cryptographic algorithm with an object
-      identifier.
-
-   *  parameters, which are optional, are the associated parameters for
-      the algorithm identifier in the algorithm field.
-
-   Section 4 includes object identifiers for Kyber-512, Kyber-768, and
-   Kyber-1024.  For all of these OIDs, the parameters MUST be absent.
-
-      |  : It is possible to find systems that require the parameters to
-      |  be present.  This can be due to either a defect in the original
-      |  1997 syntax or a programming error where developers never got
-      |  input where this was not true.  The optimal solution is to fix
-      |  these systems; where this is not possible, the problem needs to
-      |  be restricted to that subsystem and not propagated to the
-      |  Internet.
-
-4.  Kyber Public Key Identifiers
-
-   The AlgorithmIdentifier for a Kyber public key MUST use one of the
-   id-alg-kyber object identifiers listed below, based on the security
-   level.  The parameters field of the AlgorithmIdentifier for the Kyber
-   public key MUST be absent.
-
-   When any of the Kyber AlgorithmIdentifier appears in the
-   SubjectPublicKeyInfo field of an X.509 certificate, the key usage
-   certificate extension MUST only contain keyEncipherment
-   Section 4.2.1.3 of [RFC5280].
-
-     pk-kyber-512 PUBLIC-KEY ::= {
-       IDENTIFIER id-alg-kyber-512
-       -- KEY no ASN.1 wrapping --
-       PARAMS ARE absent
-       CERT-KEY-USAGE
-         { keyEncipherment }
-       --- PRIVATE-KEY no ASN.1 wrapping --
-       }
-
-     pk-kyber-768 PUBLIC-KEY ::= {
-       IDENTIFIER id-alg-kyber-768
-       -- KEY no ASN.1 wrapping --
-       PARAMS ARE absent
-       CERT-KEY-USAGE
-         { keyEncipherment }
-       --- PRIVATE-KEY no ASN.1 wrapping --
-       }
-
-     pk-kyber-1024 PUBLIC-KEY ::= {
-       IDENTIFIER id-alg-kyber-1024
-       -- KEY no ASN.1 wrapping --
-       PARAMS ARE absent
-       CERT-KEY-USAGE
-         { keyEncipherment }
-       --- PRIVATE-KEY no ASN.1 wrapping --
-       }
-
-      |  : As noted in Section 3, the values for these object identifers
-      |  will be assigned by NIST.  Once assigned, they will be added to
-      |  a future revision of this document.
-
-5.  Subject Public Key Fields
-
-   In the X.509 certificate, the subjectPublicKeyInfo field has the
-   SubjectPublicKeyInfo type, which has the following ASN.1 syntax:
-
-     SubjectPublicKeyInfo {PUBLIC-KEY: IOSet} ::= SEQUENCE {
-         algorithm        AlgorithmIdentifier {PUBLIC-KEY, {IOSet}},
-         subjectPublicKey BIT STRING
-     }
-
-      |  : The above syntax is from [RFC5912] and is compatible with the
-      |  2021 ASN.1 syntax [X680].
-
-   The fields in SubjectPublicKeyInfo have the following meaning:
-
-   *  algorithm is the algorithm identifier and parameters for the
-      public key (see above).
-
-   *  subjectPublicKey contains the byte stream of the public key.  The
-      algorithms defined in this document always encode the public key
-      as TODO pick format e.g., exact multiple of 8 bits?.
-
-   The following is an example of a Kyber-512 public key encoded using
-   the textual encoding defined in [RFC7468]:
-
-     -----BEGIN PUBLIC KEY-----
-     TODO insert example public key
-     -----END PUBLIC KEY-------
-
-6.  Private Key Format
-
-   "Asymmetric Key Packages" [RFC5958] describes how to encode a private
-   key in a structure that both identifies what algorithm the private
-   key is for and allows for the public key and additional attributes
-   about the key to be included as well.  For illustration, the ASN.1
-   structure OneAsymmetricKey is replicated below.  The algorithm-
-   specific details of how a private key is encoded are left for the
-   document describing the algorithm itself.
-
-     OneAsymmetricKey ::= SEQUENCE {
-       version                  Version,
-       privateKeyAlgorithm      SEQUENCE {
-       algorithm                PUBLIC-KEY.&id({PublicKeySet}),
-       parameters               PUBLIC-KEY.&Params({PublicKeySet}
-                                  {@privateKeyAlgorithm.algorithm})
-                                     OPTIONAL}
-       privateKey               OCTET STRING (CONTAINING
-                                  PUBLIC-KEY.&PrivateKey({PublicKeySet}
-                                    {@privateKeyAlgorithm.algorithm})),
-       attributes           [0] Attributes OPTIONAL,
-       ...,
-       [[2: publicKey       [1] BIT STRING (CONTAINING
-                                  PUBLIC-KEY.&Params({PublicKeySet}
-                                    {@privateKeyAlgorithm.algorithm})
-                                    OPTIONAL,
-       ...
-     }
-
-     PrivateKey ::= OCTET STRING
-
-     PublicKey ::= BIT STRING
-
-      |  : The above syntax is from [RFC5958] and is compatible with the
-      |  2021 ASN.1 syntax [X680].
-
-   For the keys defined in this document, the private key is always an
-   opaque byte sequence.  The ASN.1 type PqckemPrivateKey is defined in
-   this document to hold the byte sequence.  Thus, when encoding a
-   OneAsymmetricKey object, the private key is wrapped in a
-   PqckemPrivateKey object and wrapped by the OCTET STRING of the
-   "privateKey" field.
-
-     PqckemPrivateKey ::= OCTET STRING
-
-   The following is an example of a Kyber-512 private key encoded using
-   the textual encoding defined in [RFC7468]:
-
-     -----BEGIN PRIVATE KEY-----
-     TODO iser example private key
-     -----END PRIVATE KEY-------
-
-   The following example, in addition to encoding the Kyber-512 private
-   key, has an attribute included as well as the public key.  As with
-   the prior example, the textual encoding defined in [RFC7468] is used:
-
-     -----BEGIN PRIVATE KEY-----
-     TODO insert example private key with attribute
-     -----END PRIVATE KEY-------
-
-      |  : There exist some private key import functions that have not
-      |  implemented the new ASN.1 structure OneAsymmetricKey that is
-      |  defined in [RFC5958].  This means that they will not accept a
-      |  private key structure that contains the public key field.  This
-      |  means a balancing act needs to be done between being able to do
-      |  a consistency check on the key pair and widest ability to
-      |  import the key.
-
-7.  ASN.1 Module
-
-   TODO ASN.1 Module
-
-8.  Security Considerations
-
-   The Security Considerations section of [RFC5280] applies to this
-   specification as well.
-
-   [EDNOTE: Discuss side-channels for Kyber TBD1.]
-
-9.  IANA Considerations
-
-   This document will have some IANA actions.
-
-10.  References
-
-10.1.  Normative References
-
-   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
-              Requirement Levels", BCP 14, RFC 2119,
-              DOI 10.17487/RFC2119, March 1997,
-              <https://www.rfc-editor.org/rfc/rfc2119>.
-
-   [RFC5280]  Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
-              Housley, R., and W. Polk, "Internet X.509 Public Key
-              Infrastructure Certificate and Certificate Revocation List
-              (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008,
-              <https://www.rfc-editor.org/rfc/rfc5280>.
-
-   [RFC5912]  Hoffman, P. and J. Schaad, "New ASN.1 Modules for the
-              Public Key Infrastructure Using X.509 (PKIX)", RFC 5912,
-              DOI 10.17487/RFC5912, June 2010,
-              <https://www.rfc-editor.org/rfc/rfc5912>.
-
-   [RFC5958]  Turner, S., "Asymmetric Key Packages", RFC 5958,
-              DOI 10.17487/RFC5958, August 2010,
-              <https://www.rfc-editor.org/rfc/rfc5958>.
-
-   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
-              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
-              May 2017, <https://www.rfc-editor.org/rfc/rfc8174>.
-
-   [X680]     ITU-T, "Information technology - Abstract Syntax Notation
-              One (ASN.1): Specification of basic notation", ISO/
-              IEC 8824-1:2021, February 2021,
-              <https://www.itu.int/rec/T-REC-X.680>.
-
-   [X690]     ITU-T, "Information technology - Abstract Syntax Notation
-              One (ASN.1): ASN.1 encoding rules: Specification of Basic
-              Encoding Rules (BER), Canonical Encoding Rules (CER) and
-              Distinguished Encoding Rules (DER)", ISO/IEC 8825-1:2021,
-              February 2021, <https://www.itu.int/rec/T-REC-X.690>.
-
-10.2.  Informative References
-
-   [I-D.celi-wiggers-tls-authkem]
-              Wiggers, T., Celi, S., Schwabe, P., Stebila, D., and N.
-              Sullivan, "KEM-based Authentication for TLS 1.3", Work in
-              Progress, Internet-Draft, draft-celi-wiggers-tls-authkem-
-              02, 18 August 2023,
-              <https://datatracker.ietf.org/doc/html/draft-celi-wiggers-
-              tls-authkem-02>.
-
-   [I-D.ietf-lamps-kyber]
-              Prat, J. and M. Ounsworth, "Use of KYBER in the
-              Cryptographic Message Syntax (CMS)", Work in Progress,
-              Internet-Draft, draft-ietf-lamps-kyber-00, 10 November
-              2022, <https://datatracker.ietf.org/doc/html/draft-ietf-
-              lamps-kyber-00>.
-
-   [PQCProj]  National Institute of Standards and Technology, "Post-
-              Quantum Cryptography Project", 20 December 2016,
-              <https://csrc.nist.gov/projects/post-quantum-
-              cryptography>.
-
-   [RFC7468]  Josefsson, S. and S. Leonard, "Textual Encodings of PKIX,
-              PKCS, and CMS Structures", RFC 7468, DOI 10.17487/RFC7468,
-              April 2015, <https://www.rfc-editor.org/rfc/rfc7468>.
-
-Acknowledgments
-
-   TODO acknowledge.
-
-Authors' Addresses
-
-   Sean Turner
-   sn3rd
-   Email: sean@sn3rd.com
-
-
-   Panos Kampanakis
-   AWS
-   Email: kpanos@amazon.com
-
-
-   Jake Massimo
-   AWS
-   Email: jakemas@amazon.com
-
-
-   Bas Westerbaan
-   Cloudflare
-   Email: bas@westerbaan.name
diff --git a/draft-ietf-lamps-kyber-certificates-02/draft-turner-lamps-nist-pqc-kem-certificates.html b/draft-ietf-lamps-kyber-certificates-02/draft-turner-lamps-nist-pqc-kem-certificates.html
deleted file mode 100644
index 007d7d1..0000000
--- a/draft-ietf-lamps-kyber-certificates-02/draft-turner-lamps-nist-pqc-kem-certificates.html
+++ /dev/null
@@ -1,1576 +0,0 @@
-<!DOCTYPE html>
-<html lang="en" class="Internet-Draft">
-<head>
-<meta charset="utf-8">
-<meta content="Common,Latin" name="scripts">
-<meta content="initial-scale=1.0" name="viewport">
-<title>Algorithm Identifiers for NIST's PQC Algorithms for Use in the Internet X.509 Public Key Infrastructure</title>
-<meta content="Sean Turner" name="author">
-<meta content="Panos Kampanakis" name="author">
-<meta content="Jake Massimo" name="author">
-<meta content="Bas Westerbaan" name="author">
-<meta content="
-       This document specifies algorithm identifiers and ASN.1 encoding format
-for the US NIST's PQC KEM (United States National Institute of Standards
-and Technology's Post Quantum Cryptography Key Encapsulation Mechanism)
-algorithms. The algorithms covered are Candidate TBD1. The
-encoding for public key and private key is also provided. 
-       [EDNOTE:
-This draft is not expected to be finalized before the NIST PQC Project
-has standardized PQ algorithms. After NIST has standardized its first
-algorithms, this document will replace TBD, with the appropriate
-algorithms and parameters before proceeding to ratification. The
-algorithm Candidate TBD1 has been added as an example in this draft, to
-provide a more detailed illustration of the content - it by no means
-indicates its inclusion in the final version. This specification will
-use object identifiers for the new algorithms that are assigned by NIST,
-and will use placeholders until these are released.] 
-    " name="description">
-<meta content="xml2rfc 3.18.2" name="generator">
-<meta content="Internet-Draft" name="keyword">
-<meta content="draft-turner-lamps-nist-pqc-kem-certificates-latest" name="ietf.draft">
-<!-- Generator version information:
-  xml2rfc 3.18.2
-    Python 3.11.6
-    ConfigArgParse 1.5.3
-    google-i18n-address 3.1.0
-    intervaltree 3.1.0
-    Jinja2 3.1.2
-    lxml 4.9.3
-    platformdirs 3.11.0
-    pycountry 22.3.5
-    PyYAML 6.0
-    requests 2.31.0
-    setuptools 67.7.2
-    six 1.16.0
-    wcwidth 0.2.8
--->
-<link href="draft-turner-lamps-nist-pqc-kem-certificates.xml" rel="alternate" type="application/rfc+xml">
-<link href="#copyright" rel="license">
-<style type="text/css">@font-face {
-  font-family: 'Lora';
-  font-style: italic;
-  font-weight: 400;
-  font-display: swap;
-  src: local('Lora Italic'), local('Lora-Italic'), url('https://martinthomson.github.io/rfc-css/fonts/lora-italic-cyrillic-ext.woff2') format('woff2');
-  unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;
-}
-@font-face {
-  font-family: 'Lora';
-  font-style: italic;
-  font-weight: 400;
-  font-display: swap;
-  src: local('Lora Italic'), local('Lora-Italic'), url('https://martinthomson.github.io/rfc-css/fonts/lora-italic-cyrillic-ext.woff2') format('woff2');
-  unicode-range: U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;
-}
-@font-face {
-  font-family: 'Lora';
-  font-style: italic;
-  font-weight: 400;
-  font-display: swap;
-  src: local('Lora Italic'), local('Lora-Italic'), url('https://martinthomson.github.io/rfc-css/fonts/lora-italic-vietnamese.woff2') format('woff2');
-  unicode-range: U+0102-0103, U+0110-0111, U+1EA0-1EF9, U+20AB;
-}
-@font-face {
-  font-family: 'Lora';
-  font-style: italic;
-  font-weight: 400;
-  font-display: swap;
-  src: local('Lora Italic'), local('Lora-Italic'), url('https://martinthomson.github.io/rfc-css/fonts/lora-italic-latin-ext.woff2') format('woff2');
-  unicode-range: U+0100-024F, U+0259, U+1E00-1EFF, U+2020, U+20A0-20AB, U+20AD-20CF, U+2113, U+2C60-2C7F, U+A720-A7FF;
-}
-
-@font-face {
-  font-family: 'Lora';
-  font-style: italic;
-  font-weight: 400;
-  font-display: swap;
-  src: local('Lora Italic'), local('Lora-Italic'), url('https://martinthomson.github.io/rfc-css/fonts/lora-italic-latin.woff2') format('woff2');
-  unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;
-}
-@font-face {
-  font-family: 'Lora';
-  font-style: normal;
-  font-weight: 400;
-  font-display: swap;
-  src: local('Lora Regular'), local('Lora-Regular'), url('https://martinthomson.github.io/rfc-css/fonts/lora-regular-cyrillic-ext.woff2') format('woff2');
-  unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;
-}
-@font-face {
-  font-family: 'Lora';
-  font-style: normal;
-  font-weight: 400;
-  font-display: swap;
-  src: local('Lora Regular'), local('Lora-Regular'), url('https://martinthomson.github.io/rfc-css/fonts/lora-regular-cyrillic.woff2') format('woff2');
-  unicode-range: U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;
-}
-@font-face {
-  font-family: 'Lora';
-  font-style: normal;
-  font-weight: 400;
-  font-display: swap;
-  src: local('Lora Regular'), local('Lora-Regular'), url('https://martinthomson.github.io/rfc-css/fonts/lora-regular-vietnamese.woff2') format('woff2');
-  unicode-range: U+0102-0103, U+0110-0111, U+1EA0-1EF9, U+20AB;
-}
-@font-face {
-  font-family: 'Lora';
-  font-style: normal;
-  font-weight: 400;
-  font-display: swap;
-  src: local('Lora Regular'), local('Lora-Regular'), url('https://martinthomson.github.io/rfc-css/fonts/lora-regular-latin-ext.woff2') format('woff2');
-  unicode-range: U+0100-024F, U+0259, U+1E00-1EFF, U+2020, U+20A0-20AB, U+20AD-20CF, U+2113, U+2C60-2C7F, U+A720-A7FF;
-}
-@font-face {
-  font-family: 'Lora';
-  font-style: normal;
-  font-weight: 400;
-  font-display: swap;
-  src: local('Lora Regular'), local('Lora-Regular'), url('https://martinthomson.github.io/rfc-css/fonts/lora-regular-latin.woff2') format('woff2');
-  unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;
-}
-
-@font-face {
-  font-family: 'Lora';
-  font-style: normal;
-  font-weight: 700;
-  font-display: swap;
-  src: local('Lora Bold'), local('Lora-Bold'), url('https://martinthomson.github.io/rfc-css/fonts/lora-bold-cyrillic-ext.woff2') format('woff2');
-  unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;
-}
-@font-face {
-  font-family: 'Lora';
-  font-style: normal;
-  font-weight: 700;
-  font-display: swap;
-  src: local('Lora Bold'), local('Lora-Bold'), url('https://martinthomson.github.io/rfc-css/fonts/lora-bold-cyrillic.woff2') format('woff2');
-  unicode-range: U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;
-}
-@font-face {
-  font-family: 'Lora';
-  font-style: normal;
-  font-weight: 700;
-  font-display: swap;
-  src: local('Lora Bold'), local('Lora-Bold'), url('https://martinthomson.github.io/rfc-css/fonts/lora-bold-vietnamese.woff2') format('woff2');
-  unicode-range: U+0102-0103, U+0110-0111, U+1EA0-1EF9, U+20AB;
-}
-@font-face {
-  font-family: 'Lora';
-  font-style: normal;
-  font-weight: 700;
-  font-display: swap;
-  src: local('Lora Bold'), local('Lora-Bold'), url('https://martinthomson.github.io/rfc-css/fonts/lora-bold-latin-ext.woff2') format('woff2');
-  unicode-range: U+0100-024F, U+0259, U+1E00-1EFF, U+2020, U+20A0-20AB, U+20AD-20CF, U+2113, U+2C60-2C7F, U+A720-A7FF;
-}
-@font-face {
-  font-family: 'Lora';
-  font-style: normal;
-  font-weight: 700;
-  font-display: swap;
-  src: local('Lora Bold'), local('Lora-Bold'), url('https://martinthomson.github.io/rfc-css/fonts/lora-bold-latin.woff2') format('woff2');
-  unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;
-}
-@font-face {
-  font-family: 'Lora';
-  font-style: normal;
-  font-weight: 600;
-  font-display: swap;
-  src: local('Lora SemiBold'), local('Lora-SemiBold'), url('https://martinthomson.github.io/rfc-css/fonts/lora-semibold-latin.woff2') format('woff2');
-  unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;
-}
-
-@font-face {
-  font-family: 'Cabin Condensed';
-  font-style: normal;
-  font-weight: 600;
-  font-display: swap;
-  src: local('Cabin Condensed SemiBold'), local('CabinCondensed-SemiBold'), url('https://martinthomson.github.io/rfc-css/fonts/cabincondensed-semibold-vietnamese.woff2') format('woff2');
-  unicode-range: U+0102-0103, U+0110-0111, U+1EA0-1EF9, U+20AB;
-}
-@font-face {
-  font-family: 'Cabin Condensed';
-  font-style: normal;
-  font-weight: 600;
-  font-display: swap;
-  src: local('Cabin Condensed SemiBold'), local('CabinCondensed-SemiBold'), url('https://martinthomson.github.io/rfc-css/fonts/cabincondensed-semibold-latin-ext.woff2') format('woff2');
-  unicode-range: U+0100-024F, U+0259, U+1E00-1EFF, U+2020, U+20A0-20AB, U+20AD-20CF, U+2113, U+2C60-2C7F, U+A720-A7FF;
-}
-@font-face {
-  font-family: 'Cabin Condensed';
-  font-style: normal;
-  font-weight: 600;
-  font-display: swap;
-  src: local('Cabin Condensed SemiBold'), local('CabinCondensed-SemiBold'), url('https://martinthomson.github.io/rfc-css/fonts/cabincondensed-semibold-latin.woff2') format('woff2');
-  unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;
-}
-
-@font-face {
-  font-family: 'Oxygen Mono';
-  font-style: normal;
-  font-weight: 400;
-  font-display: swap;
-  src: local('Oxygen Mono'), local('OxygenMono-Regular'), url('https://martinthomson.github.io/rfc-css/fonts/oxygenmono-regular-latin-ext.woff2') format('woff2');
-  unicode-range: U+0100-024F, U+0259, U+1E00-1EFF, U+2020, U+20A0-20AB, U+20AD-20CF, U+2113, U+2C60-2C7F, U+A720-A7FF;
-}
-@font-face {
-  font-family: 'Oxygen Mono';
-  font-style: normal;
-  font-weight: 400;
-  font-display: swap;
-  src: local('Oxygen Mono'), local('OxygenMono-Regular'), url('https://martinthomson.github.io/rfc-css/fonts/oxygenmono-regular-latin.woff2') format('woff2');
-  unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;
-}
-
-:root {
-  color-scheme: light dark;
-  --background-color: #fff;
-  --text-color: #222;
-  --title-color: #191919;
-  --link-color: #2a6496;
-  --highlight-color: #f9f9f9;
-  --line-color: #eee;
-  --pilcrow-weak: #ddd;
-  --pilcrow-strong: #bbb;
-  --small-font-size: 14.5px;
-  --font-mono: 'Oxygen Mono', monospace;
-  scrollbar-color: #bbb #eee;
-}
-body {
-  max-width: 600px;
-  margin: 75px auto;
-  padding: 0 5px;
-  color: var(--text-color);
-  background-color: var(--background-color);
-  font: 16px/22px "Lora", serif;
-  scroll-behavior: smooth;
-}
-
-.ears {
-  display: none;
-}
-
-/* headings */
-h1, h2, h3, h4, h5, h6 {
-  font-family: "Cabin Condensed", sans-serif;
-  font-weight: 600;
-  margin: 0.8em 0 0.3em;
-  font-size-adjust: 0.5;
-  color: var(--title-color);
-}
-h1#title {
-  font-size: 32px;
-  line-height: 40px;
-  clear: both;
-}
-h1#title, h1#rfcnum {
-  margin: 1.5em 0 0.2em;
-}
-h1#rfcnum + h1#title {
-  margin: 0.2em 0;
-}
-
-h1, h2, h3 {
-  font-size: 22px;
-  line-height: 27px;
-}
-h4, h5, h6 {
-  font-size: 20px;
-  line-height: 24px;
-}
-
-/* general structure */
-.author {
-  padding-bottom: 0.3em;
-}
-#abstract+p {
-  font-size: 18px;
-  line-height: 24px;
-}
-#abstract+p code, #abstract+p samp, #abstract+p tt {
-  font-size: 16px;
-  line-height: 0;
-}
-
-p {
-  padding: 0;
-  margin: 0.5em 0;
-  text-align: left;
-}
-div {
-  margin: 0;
-}
-.alignRight.art-text {
-  background-color: var(--highlight-color);
-  border: 1px solid var(--line-color);
-  border-radius: 3px;
-  padding: 0.5em 1em 0;
-  margin-bottom: 0.5em;
-}
-.alignRight.art-text pre {
-  padding: 0;
-  width: auto;
-}
-.alignRight {
-  margin: 1em 0;
-}
-.alignRight > *:first-child {
-  border: none;
-  margin: 0;
-  float: right;
-  clear: both;
-}
-.alignRight > *:nth-child(2) {
-  clear: both;
-  display: block;
-  border: none;
-}
-svg {
-  display: block;
-}
-/* font-family isn't space-separated, but =~ will have to do */
-svg[font-family~="monospace" i], svg [font-family~="monospace" i] {
-  font-family: var(--font-mono);
-}
-.alignCenter.art-text {
-  background-color: var(--highlight-color);
-  border: 1px solid var(--line-color);
-  border-radius: 3px;
-  padding: 0.5em 1em 0;
-  margin-bottom: 0.5em;
-}
-.alignCenter.art-text pre {
-  padding: 0;
-  width: auto;
-}
-.alignCenter {
-  margin: 1em 0;
-}
-.alignCenter > *:first-child {
-  border: none;
-  /* this isn't optimal, but it's an existence proof.  PrinceXML doesn't
-     support flexbox yet.
-  */
-  display: table;
-  margin: 0 auto;
-}
-
-/* lists */
-ol, ul {
-  padding: 0;
-  margin: 0 0 0.5em 2em;
-}
-:is(ol, ul) :is(ol, ul) {
-  margin-left: 1em;
-}
-li {
-  margin: 0 0 0.25em 0;
-}
-.ulCompact li {
-  margin: 0;
-}
-ul.empty, .ulEmpty {
-  list-style-type: none;
-}
-ul.empty li, .ulEmpty li {
-  margin-top: 0.5em;
-}
-:is(ul, ol).compact, .ulCompact, .olCompact {
-  line-height: 1;
-  margin: 0 0 0 2em;
-}
-
-/* definition lists */
-dl {
-  clear: left;
-  --indent: 3ch;
-  /* --indent: attr(indent ch); not supported in any browser, but we can dream */
-}
-dl.olPercent {
-  --indent: 5ch;
-}
-dl > dt {
-  float: left;
-  margin-right: 2ch;
-  min-width: 8ch;
-}
-dl.dlNewline > dt {
-  float: none;
-}
-dl > dd {
-  margin-bottom: .8em;
-  margin-left: var(--indent) !important; /* stupid element overrides */
-  min-height: 2ex;
-}
-dl.olPercent > dt {
-  min-width: calc(var(--indent) - 2ch);
-}
-:is(dl.compact, .dlCompact) > dd {
-  margin-bottom: 0;
-}
-:is(dl.compact, .dlCompact) > dd > :is(:first-child, .break:first-child + *) {
-  margin-top: 0;
-}
-:is(dl.compact, .dlCompact) > dd > :is(:last-child) {
-  margin-bottom: 0;
-}
-dl > dd > dl {
-  margin-top: 0.5em;
-  margin-bottom: 0;
-}
-:is(dd, span).break {
-  display: none;
-}
-
-/* links */
-a, a[href].selfRef:hover {
-  text-decoration: none;
-}
-a[href] {
-  color: var(--link-color);
-}
-a[href].selfRef, .iref + a[href].internal {
-  color: var(--text-color);
-}
-a[href]:hover {
-  text-decoration: underline;
-}
-a[href].selfRef:hover {
-  background-color: var(--highlight-color);
-}
-a.xref:is(.cite, .auto), :is(#status-of-memo, #copyright) a {
-  white-space: nowrap;
-}
-
-/* Figures */
-tt, code, pre {
-  background-color: var(--highlight-color);
-  font: 14px/22px var(--font-mono);
-}
-tt, code {
-  /* changing the font for inline elements leads to different ascender
-     and descender heights; as we want to retain baseline alignment,
-     remove leading to avoid altering the final height of lines
-     note: this fails if these blocks take an entire line,
-     a different solution would be great */
-  line-height: 0;
-}
-:is(h1, h2, h3, h4, h5, h6) :is(tt, code) {
-  font-size: 84%;
-}
-pre {
-  border: 1px solid var(--line-color);
-  font-size: 13.5px;
-  line-height: 16px;
-  letter-spacing: -0.2px;
-  margin: 5px;
-  padding: 5px;
-}
-img {
-  max-width: 100%;
-}
-figure {
-  margin: 0.5em 0;
-  padding: 0;
-}
-figure blockquote {
-  margin: 0.8em 0.4em 0.4em;
-}
-figcaption, caption {
-  font-style: italic;
-  margin: 0.5em 1.5em;
-  text-align: left;
-}
-@media screen {
-  /* Auto-collapse boilerplate. */
-  :is(#status-of-memo, #copyright) p {
-    margin: -2px 0;
-    max-height: 0;
-    transition: max-height 2s ease, margin 0.5s ease 0.5s;
-    overflow: hidden;
-  }
-  :is(#status-of-memo, #copyright):hover p,
-  :is(#status-of-memo, #copyright) h2:target ~ p {
-    margin: 0.5em 0;
-    max-height: 500px;
-    overflow: auto;
-  }
-  pre, svg {
-    display: inline-block;
-    overflow-x: auto;
-  }
-  pre {
-    max-width: 100%;
-    width: calc(100% - 22px - 1em);
-  }
-  svg {
-    max-width: calc(100% - 22px - 1em);
-  }
-  figure pre {
-    display: block;
-    width: calc(100% - 25px);
-  }
-  :is(pre, svg) + .pilcrow {
-    display: inline-block;
-    vertical-align: text-bottom;
-    padding-bottom: 8px;
-  }
-}
-
-/* aside, blockquote */
-aside, blockquote {
-  margin-left: 0;
-  padding: 0 2em;
-  font-style: italic;
-}
-blockquote {
-  margin: 1em 0;
-}
-cite {
-  display: block;
-  text-align: right;
-  font-style: italic;
-}
-
-/* tables */
-table {
-  max-width: 100%;
-  margin: 0 0 1em;
-  border-collapse: collapse;
-}
-table.right {
-  margin-left: auto;
-}
-table.center {
-  margin-left: auto;
-  margin-right: auto;
-}
-table.left {
-  margin-right: auto;
-}
-thead, tbody {
-  border: 1px solid var(--line-color);
-}
-th, td {
-  text-align: left;
-  vertical-align: top;
-  padding: 5px 10px;
-}
-th {
-  background-color: var(--line-color);
-}
-:is(tr:nth-child(2n), thead+tbody > tr:nth-child(2n+1)) > td {
-  background-color: var(--background-color);
-}
-:is(tr:nth-child(2n+1), thead+tbody > tr:nth-child(2n)) > td {
-  background-color: var(--highlight-color);
-}
-table caption {
-  margin: 0;
-  padding: 3px 0 3px 1em;
-}
-table p {
-  margin: 0;
-}
-
-/* pilcrow */
-a.pilcrow {
-  margin-left: 3px;
-  opacity: 0.2;
-  user-select: none;
-}
-a.pilcrow[href] { color: var(--pilcrow-weak); }
-a.pilcrow[href]:hover { text-decoration: none; }
-@media not print {
-  :hover > a.pilcrow {
-    opacity: 1;
-  }
-  a.pilcrow[href]:hover {
-    color: var(--pilcrow-strong);
-    background-color: transparent;
-  }
-}
-@media print {
-  a.pilcrow {
-    display: none;
-  }
-}
-
-/* misc */
-hr {
-  border: 0;
-  border-top: 1px solid var(--line-color);
-}
-.bcp14 {
-  font-variant: small-caps;
-  font-weight: 600;
-  font-size: var(--small-font-size);
-}
-.role {
-  font-variant: all-small-caps;
-}
-sub, sup {
-  line-height: 1;
-  font-size: 80%;
-}
-
-/* info block */
-#identifiers {
-  margin: 0;
-  font-size: var(--small-font-size);
-  line-height: 18px;
-  --identifier-width: 15ch;
-}
-#identifiers dt {
-  width: var(--identifier-width);
-  min-width: var(--identifier-width);
-  clear: left;
-  float: left;
-  text-align: right;
-  margin-right: 1ch;
-}
-#identifiers dd {
-  margin: 0;
-  margin-left: calc(1em + var(--identifier-width)) !important;
-  min-width: 5em;
-}
-#identifiers .authors .author {
-  display: inline-block;
-  margin-right: 1.5em;
-}
-#identifiers .authors .org {
-  font-style: italic;
-}
-
-/* The prepared/rendered info at the very bottom of the page */
-.docInfo {
-  color: #999;
-  font-size: 0.9em;
-  font-style: italic;
-  margin-top: 2em;
-}
-.docInfo .prepared {
-  float: left;
-}
-.docInfo .prepared {
-  float: right;
-}
-
-/* table of contents */
-#toc {
-  padding: 0.75em 0 2em 0;
-  margin-bottom: 1em;
-}
-#toc nav ul {
-  margin: 0 0.5em 0 0;
-  padding: 0;
-  list-style: none;
-}
-#toc nav li {
-  line-height: 1.3em;
-  margin: 2px 0;
-  padding-left: 1.2em;
-  text-indent: -1.2em;
-}
-#toc a.xref {
-  white-space: normal;
-}
-/* references */
-.references dt {
-  text-align: right;
-  font-weight: bold;
-  min-width: 10ch;
-  margin-right: 1.5ch;
-}
-.references dt:target::before {
-  content: "⇒";
-  width: 15px;
-  margin: 0 10px 0 -25px;
-}
-.references dd {
-  margin-left: 12ch !important;
-  overflow: auto;
-}
-
-.refInstance {
-  margin-bottom: 1.25em;
-}
-
-.references .ascii {
-  margin-bottom: 0.25em;
-}
-
-/* index */
-#rfc\.index\.index + ul {
-  margin-left: 0;
-}
-
-/* authors */
-address.vcard {
-  font-style: normal;
-  margin: 1em 0;
-}
-address.vcard .nameRole {
-  font-weight: 700;
-  margin-left: 0;
-}
-address.vcard .label {
-  margin: 0.5em 0;
-}
-address.vcard .type {
-  display: none;
-}
-.alternative-contact {
-  margin: 1.5em 0 1em;
-}
-hr.addr {
-  border-top: 1px dashed;
-  margin: 0;
-  color: #ddd;
-  max-width: calc(100% - 16px);
-}
-@media (min-width: 500px) {
-  #authors-addresses > section {
-    column-count: 2;
-    column-gap: 20px;
-  }
-  #authors-addresses > section > h2 {
-    column-span: all;
-  }
-  /* hack for break-inside: avoid-column */
-  #authors-addresses address {
-    display: inline-block;
-    break-inside: avoid-column;
-  }
-}
-
-.rfcEditorRemove p:first-of-type {
-  font-style: italic;
-}
-.cref {
-  background-color: rgba(249, 232, 105, 0.3);
-  padding: 2px 4px;
-}
-.crefSource {
-  font-style: italic;
-}
-/* alternative layout for smaller screens */
-@media screen and (max-width: 929px) {
-  #toc {
-    position: fixed;
-    z-index: 2;
-    top: 0;
-    right: 0;
-    padding: 1px 0 0 0;
-    margin: 0;
-    border-bottom: 1px solid #ccc;
-    opacity: 0.6;
-  }
-  #toc.active {
-      opacity: 1;
-  }
-  #toc h2 {
-    margin: 0;
-    padding: 2px 0 2px 6px;
-    padding-right: 1em;
-    font-size: 18px;
-    line-height: 24px;
-    min-width: 190px;
-    text-align: right;
-    background-color: #444;
-    color: white;
-    cursor: pointer;
-  }
-  #toc h2::before { /* css hamburger */
-    float: right;
-    position: relative;
-    width: 1em;
-    height: 1px;
-    left: -164px;
-    margin: 8px 0 0 0;
-    background: white none repeat scroll 0 0;
-    box-shadow: 0 4px 0 0 white, 0 8px 0 0 white;
-    content: "";
-  }
-  #toc nav {
-    display: none;
-    background-color: var(--background-color);
-    padding: 0.5em 1em 1em;
-    overflow: auto;
-    overscroll-behavior: contain;
-    height: calc(100vh - 48px);
-    border-left: 1px solid #ddd;
-  }
-  #toc.active nav {
-    display: block;
-  }
-  /* Make the collapsed ToC header render white on gray also when it's a link */
-  #toc h2 a,
-  #toc h2 a:link,
-  #toc h2 a:focus,
-  #toc h2 a:hover,
-  #toc a.toplink,
-  #toc a.toplink:hover {
-    color: white;
-    background-color: #444;
-    text-decoration: none;
-  }
-  #toc a.toplink {
-    margin-top: 2px;
-  }
-}
-
-/* alternative layout for wide screens */
-@media screen and (min-width: 930px) {
-  body {
-    padding-right: 360px;
-    padding-right: calc(min(180px + 20%, 500px));
-  }
-  #toc {
-    position: fixed;
-    bottom: 0;
-    right: 0;
-    right: calc(50vw - 480px);
-    width: 312px;
-    margin: 0;
-    padding: 0;
-    z-index: 1;
-  }
-  #toc h2 {
-    margin: 0;
-    padding: 0.25em 1em 1em 0;
-  }
-  #toc nav {
-    display: block;
-    height: calc(90vh - 84px);
-    bottom: 0;
-    padding: 0.5em 0 2em;
-    overflow: auto;
-    overscroll-behavior: contain;
-    scrollbar-width: thin;
-  }
-  #toc nav > ul  {
-    margin-bottom: 2em;
-  }
-  #toc ul {
-    margin: 0 0 0 4px;
-    font-size: var(--small-font-size);
-  }
-  #toc ul :is(p, li) {
-    margin: 2px 0;
-    line-height: 22px;
-  }
-  img { /* future proofing */
-    max-width: 100%;
-    height: auto;
-  }
-}
-
-/* pagination */
-@media print {
-  body {
-    width: 100%;
-  }
-  p {
-    orphans: 3;
-    widows: 3;
-  }
-  #n-copyright-notice {
-    border-bottom: none;
-  }
-  #toc, #n-introduction {
-    page-break-before: always;
-  }
-  #toc {
-    border-top: none;
-    padding-top: 0;
-  }
-  figure, pre, .vcard {
-    page-break-inside: avoid;
-  }
-  h1, h2, h3, h4, h5, h6 {
-    page-break-after: avoid;
-  }
-  :is(h2, h3, h4, h5, h6)+*, dd {
-    page-break-before: avoid;
-  }
-  pre {
-    white-space: pre-wrap;
-    word-wrap: break-word;
-    font-size: 10pt;
-  }
-  table {
-    border: 1px solid #ddd;
-  }
-  td {
-    border-top: 1px solid #ddd;
-  }
-  .toplink {
-    display: none;
-  }
-}
-
-@page :first {
-  padding-top: 0;
-  @top-left {
-    content: normal;
-    border: none;
-  }
-  @top-center {
-    content: normal;
-    border: none;
-  }
-  @top-right {
-    content: normal;
-    border: none;
-  }
-}
-
-@page {
-  size: A4;
-  margin-bottom: 45mm;
-  padding-top: 20px;
-}
-
-/* Changes introduced to fix issues found during implementation */
-
-/* Separate body from document info even without intervening H1 */
-section {
-  clear: both;
-}
-
-/* Top align author divs, to avoid names without organization dropping level with org names */
-.author {
-  vertical-align: top;
-}
-
-/* Style section numbers with more space between number and title */
-.section-number {
-  padding-right: 0.5em;
-}
-
-/* Add styling for a link in the ToC that points to the top of the document */
-a.toplink {
-  float: right;
-  margin: 8px 0.5em 0;
-}
-
-/* Provide styling for table cell text alignment */
-table .text-left {
-  text-align: left;
-}
-table .text-center {
-  text-align: center;
-}
-table .text-right {
-  text-align: right;
-}
-
-/* Make the alternative author contact information look less like just another
-   author, and group it closer with the primary author contact information */
-.alternative-contact {
-  margin: 0.5em 0 0.25em 0;
-}
-address .non-ascii {
-  margin: 0 0 0 2em;
-}
-
-/* With it being possible to set tables with alignment
-  left, center, and right, { width: 100%; } does not make sense */
-table {
-  width: auto;
-}
-
-/* Avoid reference text that sits in a block with very wide left margin,
-   because of a long floating dt label.*/
-.references dd {
-  overflow: visible;
-}
-
-/* Control caption placement */
-caption {
-  caption-side: bottom;
-}
-
-/* Limit the width of the author address vcard, so names in right-to-left
-   script don't end up on the other side of the page. */
-
-address.vcard {
-  max-width: 20em;
-  margin-right: auto;
-}
-
-/* For address alignment dependent on LTR or RTL scripts */
-address div.left {
-  text-align: left;
-}
-address div.right {
-  text-align: right;
-}
-
-/* Dark mode. */
-@media (prefers-color-scheme: dark) {
-:root {
-  --background-color: #121212;
-  --text-color: #f0f0f0;
-  --title-color: #fff;
-  --link-color: #4da4f0;
-  --highlight-color: #282828;
-  --line-color: #444;
-  --pilcrow-weak: #444;
-  --pilcrow-strong: #666;
-  scrollbar-color: #777 #333;
-}
-}
-
-/* SVG Trick: a prefix match works because only black and white are allowed */
-svg :is([stroke="black"], [stroke^="#000"]) {
-  stroke: var(--text-color);
-}
-svg :is([stroke="white"], [stroke^="#fff"]) {
-  stroke: var(--background-color);
-}
-svg :is([fill="black"], [fill^="#000"], :not([fill])) {
-  fill: var(--text-color);
-}
-svg :is([fill="white"], [fill^="#fff"]) {
-  fill: var(--background-color);
-}
-</style>
-
-</head>
-<body class="xml2rfc">
-<table class="ears">
-<thead><tr>
-<td class="left">Internet-Draft</td>
-<td class="center">PQC KEM for Certificates</td>
-<td class="right">October 2023</td>
-</tr></thead>
-<tfoot><tr>
-<td class="left">Turner, et al.</td>
-<td class="center">Expires 25 April 2024</td>
-<td class="right">[Page]</td>
-</tr></tfoot>
-</table>
-<div id="external-metadata" class="document-information"></div>
-<div id="internal-metadata" class="document-information">
-<dl id="identifiers">
-<dt class="label-workgroup">Workgroup:</dt>
-<dd class="workgroup">None</dd>
-<dt class="label-internet-draft">Internet-Draft:</dt>
-<dd class="internet-draft">draft-turner-lamps-nist-pqc-kem-certificates-latest</dd>
-<dt class="label-published">Published:</dt>
-<dd class="published">
-<time datetime="2023-10-23" class="published">23 October 2023</time>
-    </dd>
-<dt class="label-intended-status">Intended Status:</dt>
-<dd class="intended-status">Standards Track</dd>
-<dt class="label-expires">Expires:</dt>
-<dd class="expires"><time datetime="2024-04-25">25 April 2024</time></dd>
-<dt class="label-authors">Authors:</dt>
-<dd class="authors">
-<div class="author">
-      <div class="author-name">S. Turner</div>
-<div class="org">sn3rd</div>
-</div>
-<div class="author">
-      <div class="author-name">P. Kampanakis</div>
-<div class="org">AWS</div>
-</div>
-<div class="author">
-      <div class="author-name">J. Massimo</div>
-<div class="org">AWS</div>
-</div>
-<div class="author">
-      <div class="author-name">B. Westerbaan</div>
-<div class="org">Cloudflare</div>
-</div>
-</dd>
-</dl>
-</div>
-<h1 id="title">Algorithm Identifiers for NIST's PQC Algorithms for Use in the Internet X.509 Public Key Infrastructure</h1>
-<section id="section-abstract">
-      <h2 id="abstract"><a href="#abstract" class="selfRef">Abstract</a></h2>
-<p id="section-abstract-1">This document specifies algorithm identifiers and ASN.1 encoding format
-for the US NIST's PQC KEM (United States National Institute of Standards
-and Technology's Post Quantum Cryptography Key Encapsulation Mechanism)
-algorithms. The algorithms covered are Candidate TBD1. The
-encoding for public key and private key is also provided.<a href="#section-abstract-1" class="pilcrow">¶</a></p>
-<p id="section-abstract-2">[EDNOTE:
-This draft is not expected to be finalized before the NIST PQC Project
-has standardized PQ algorithms. After NIST has standardized its first
-algorithms, this document will replace TBD, with the appropriate
-algorithms and parameters before proceeding to ratification. The
-algorithm Candidate TBD1 has been added as an example in this draft, to
-provide a more detailed illustration of the content - it by no means
-indicates its inclusion in the final version. This specification will
-use object identifiers for the new algorithms that are assigned by NIST,
-and will use placeholders until these are released.]<a href="#section-abstract-2" class="pilcrow">¶</a></p>
-</section>
-<section class="note rfcEditorRemove" id="section-note.1">
-      <h2 id="name-about-this-document">
-<a href="#name-about-this-document" class="section-name selfRef">About This Document</a>
-      </h2>
-<p id="section-note.1-1">This note is to be removed before publishing as an RFC.<a href="#section-note.1-1" class="pilcrow">¶</a></p>
-<p id="section-note.1-2">
-        Status information for this document may be found at <span><a href="https://datatracker.ietf.org/doc/draft-turner-lamps-nist-pqc-kem-certificates/">https://datatracker.ietf.org/doc/draft-turner-lamps-nist-pqc-kem-certificates/</a></span>.<a href="#section-note.1-2" class="pilcrow">¶</a></p>
-<p id="section-note.1-3">
-        Discussion of this document takes place on the
-        Limited Additional Mechanisms for PKIX and SMIME (lamps) Working Group mailing list (<span><a href="mailto:spasm@ietf.org">mailto:spasm@ietf.org</a></span>),
-        which is archived at <span><a href="https://mailarchive.ietf.org/arch/browse/spasm/">https://mailarchive.ietf.org/arch/browse/spasm/</a></span>.
-        Subscribe at <span><a href="https://www.ietf.org/mailman/listinfo/spasm/">https://www.ietf.org/mailman/listinfo/spasm/</a></span>.<a href="#section-note.1-3" class="pilcrow">¶</a></p>
-<p id="section-note.1-4">Source for this draft and an issue tracker can be found at
-        <span><a href="https://github.com/seanturner/draft-turner-lamps-nist-pqc-kem-certificates">https://github.com/seanturner/draft-turner-lamps-nist-pqc-kem-certificates</a></span>.<a href="#section-note.1-4" class="pilcrow">¶</a></p>
-</section>
-<div id="status-of-memo">
-<section id="section-boilerplate.1">
-        <h2 id="name-status-of-this-memo">
-<a href="#name-status-of-this-memo" class="section-name selfRef">Status of This Memo</a>
-        </h2>
-<p id="section-boilerplate.1-1">
-        This Internet-Draft is submitted in full conformance with the
-        provisions of BCP 78 and BCP 79.<a href="#section-boilerplate.1-1" class="pilcrow">¶</a></p>
-<p id="section-boilerplate.1-2">
-        Internet-Drafts are working documents of the Internet Engineering Task
-        Force (IETF). Note that other groups may also distribute working
-        documents as Internet-Drafts. The list of current Internet-Drafts is
-        at <span><a href="https://datatracker.ietf.org/drafts/current/">https://datatracker.ietf.org/drafts/current/</a></span>.<a href="#section-boilerplate.1-2" class="pilcrow">¶</a></p>
-<p id="section-boilerplate.1-3">
-        Internet-Drafts are draft documents valid for a maximum of six months
-        and may be updated, replaced, or obsoleted by other documents at any
-        time. It is inappropriate to use Internet-Drafts as reference
-        material or to cite them other than as "work in progress."<a href="#section-boilerplate.1-3" class="pilcrow">¶</a></p>
-<p id="section-boilerplate.1-4">
-        This Internet-Draft will expire on 25 April 2024.<a href="#section-boilerplate.1-4" class="pilcrow">¶</a></p>
-</section>
-</div>
-<div id="copyright">
-<section id="section-boilerplate.2">
-        <h2 id="name-copyright-notice">
-<a href="#name-copyright-notice" class="section-name selfRef">Copyright Notice</a>
-        </h2>
-<p id="section-boilerplate.2-1">
-            Copyright (c) 2023 IETF Trust and the persons identified as the
-            document authors. All rights reserved.<a href="#section-boilerplate.2-1" class="pilcrow">¶</a></p>
-<p id="section-boilerplate.2-2">
-            This document is subject to BCP 78 and the IETF Trust's Legal
-            Provisions Relating to IETF Documents
-            (<span><a href="https://trustee.ietf.org/license-info">https://trustee.ietf.org/license-info</a></span>) in effect on the date of
-            publication of this document. Please review these documents
-            carefully, as they describe your rights and restrictions with
-            respect to this document. Code Components extracted from this
-            document must include Revised BSD License text as described in
-            Section 4.e of the Trust Legal Provisions and are provided without
-            warranty as described in the Revised BSD License.<a href="#section-boilerplate.2-2" class="pilcrow">¶</a></p>
-</section>
-</div>
-<div id="toc">
-<section id="section-toc.1">
-        <a href="#" onclick="scroll(0,0)" class="toplink">▲</a><h2 id="name-table-of-contents">
-<a href="#name-table-of-contents" class="section-name selfRef">Table of Contents</a>
-        </h2>
-<nav class="toc"><ul class="compact toc ulBare ulEmpty">
-<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.1">
-            <p id="section-toc.1-1.1.1" class="keepWithNext"><a href="#section-1" class="auto internal xref">1</a>.  <a href="#name-introduction" class="internal xref">Introduction</a></p>
-</li>
-          <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.2">
-            <p id="section-toc.1-1.2.1" class="keepWithNext"><a href="#section-2" class="auto internal xref">2</a>.  <a href="#name-conventions-and-definitions" class="internal xref">Conventions and Definitions</a></p>
-</li>
-          <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.3">
-            <p id="section-toc.1-1.3.1" class="keepWithNext"><a href="#section-3" class="auto internal xref">3</a>.  <a href="#name-algorithm-identifiers" class="internal xref">Algorithm Identifiers</a></p>
-</li>
-          <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.4">
-            <p id="section-toc.1-1.4.1"><a href="#section-4" class="auto internal xref">4</a>.  <a href="#name-candidate-tbd1" class="internal xref">Candidate TBD1</a></p>
-</li>
-          <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.5">
-            <p id="section-toc.1-1.5.1"><a href="#section-5" class="auto internal xref">5</a>.  <a href="#name-subject-public-key-fields" class="internal xref">Subject Public Key Fields</a></p>
-</li>
-          <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.6">
-            <p id="section-toc.1-1.6.1"><a href="#section-6" class="auto internal xref">6</a>.  <a href="#name-key-usage-bits" class="internal xref">Key Usage Bits</a></p>
-</li>
-          <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.7">
-            <p id="section-toc.1-1.7.1"><a href="#section-7" class="auto internal xref">7</a>.  <a href="#name-private-key-format" class="internal xref">Private Key Format</a></p>
-</li>
-          <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.8">
-            <p id="section-toc.1-1.8.1"><a href="#section-8" class="auto internal xref">8</a>.  <a href="#name-asn1-module" class="internal xref">ASN.1 Module</a></p>
-</li>
-          <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.9">
-            <p id="section-toc.1-1.9.1"><a href="#section-9" class="auto internal xref">9</a>.  <a href="#name-security-considerations" class="internal xref">Security Considerations</a></p>
-</li>
-          <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.10">
-            <p id="section-toc.1-1.10.1"><a href="#section-10" class="auto internal xref">10</a>. <a href="#name-iana-considerations" class="internal xref">IANA Considerations</a></p>
-</li>
-          <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.11">
-            <p id="section-toc.1-1.11.1"><a href="#section-11" class="auto internal xref">11</a>. <a href="#name-references" class="internal xref">References</a></p>
-<ul class="compact toc ulBare ulEmpty">
-<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.11.2.1">
-                <p id="section-toc.1-1.11.2.1.1"><a href="#section-11.1" class="auto internal xref">11.1</a>.  <a href="#name-normative-references" class="internal xref">Normative References</a></p>
-</li>
-              <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.11.2.2">
-                <p id="section-toc.1-1.11.2.2.1"><a href="#section-11.2" class="auto internal xref">11.2</a>.  <a href="#name-informative-references" class="internal xref">Informative References</a></p>
-</li>
-            </ul>
-</li>
-          <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.12">
-            <p id="section-toc.1-1.12.1"><a href="#appendix-A" class="auto internal xref"></a><a href="#name-acknowledgments" class="internal xref">Acknowledgments</a></p>
-</li>
-          <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.13">
-            <p id="section-toc.1-1.13.1"><a href="#appendix-B" class="auto internal xref"></a><a href="#name-authors-addresses" class="internal xref">Authors' Addresses</a></p>
-</li>
-        </ul>
-</nav>
-</section>
-</div>
-<div id="introduction">
-<section id="section-1">
-      <h2 id="name-introduction">
-<a href="#section-1" class="section-number selfRef">1. </a><a href="#name-introduction" class="section-name selfRef">Introduction</a>
-      </h2>
-<p id="section-1-1">The US NIST PQC Project has selected the Candidate TBD1
-algorithms as winners of their PQC Project <span>[<a href="#PQCProj" class="cite xref">PQCProj</a>]</span>. These
-algorithms are KEM algorithms. NIST has also defined object identifiers
-for these algorithms (TODO insert reference).<a href="#section-1-1" class="pilcrow">¶</a></p>
-<p id="section-1-2">This document specifies the use of the Candidate TBD1
-algorithms in X.509 public key certifiates, see <span>[<a href="#RFC5280" class="cite xref">RFC5280</a>]</span>.
-It also specifies private key encoding.
-An ASN.1 module is included for reference purposes.<a href="#section-1-2" class="pilcrow">¶</a></p>
-<p id="section-1-3">These certificates could be used as Issuers in CMS where the public key
-is used to encapsulate a shared secret used to derive a symmetric key
-used to encrypt content in CMS
-[EDNOTE: Add reference draft-perret-prat-lamps-cms-pq-kem].
-To be used in TLS, these certificates could only be used as end-entity
-identity certificates and would require significant updates to the
-protocol
-[EDNOTE: Add reference draft-celi-wiggers-tls-authkem].<a href="#section-1-3" class="pilcrow">¶</a></p>
-</section>
-</div>
-<div id="conventions-and-definitions">
-<section id="section-2">
-      <h2 id="name-conventions-and-definitions">
-<a href="#section-2" class="section-number selfRef">2. </a><a href="#name-conventions-and-definitions" class="section-name selfRef">Conventions and Definitions</a>
-      </h2>
-<p id="section-2-1">The key words "<span class="bcp14">MUST</span>", "<span class="bcp14">MUST NOT</span>", "<span class="bcp14">REQUIRED</span>", "<span class="bcp14">SHALL</span>", "<span class="bcp14">SHALL NOT</span>", "<span class="bcp14">SHOULD</span>", "<span class="bcp14">SHOULD NOT</span>", "<span class="bcp14">RECOMMENDED</span>", "<span class="bcp14">NOT RECOMMENDED</span>",
-"<span class="bcp14">MAY</span>", and "<span class="bcp14">OPTIONAL</span>" in this document are to be interpreted as
-described in BCP 14 <span>[<a href="#RFC2119" class="cite xref">RFC2119</a>]</span> <span>[<a href="#RFC8174" class="cite xref">RFC8174</a>]</span> when, and only when, they
-appear in all capitals, as shown here.<a href="#section-2-1" class="pilcrow">¶</a></p>
-</section>
-</div>
-<div id="algorithm-identifiers">
-<section id="section-3">
-      <h2 id="name-algorithm-identifiers">
-<a href="#section-3" class="section-number selfRef">3. </a><a href="#name-algorithm-identifiers" class="section-name selfRef">Algorithm Identifiers</a>
-      </h2>
-<p id="section-3-1">Certificates conforming to <span>[<a href="#RFC5280" class="cite xref">RFC5280</a>]</span> can convey a public key for any
-public key algorithm. The certificate indicates the algorithm through
-an algorithm identifier. An algorithm identifier consists of an object
-identifier and optional parameters.<a href="#section-3-1" class="pilcrow">¶</a></p>
-<p id="section-3-2">The AlgorithmIdentifier type, which is included herein for convenience,
-is defined as follows:<a href="#section-3-2" class="pilcrow">¶</a></p>
-<div class="alignLeft art-text artwork" id="section-3-3">
-<pre>
-   AlgorithmIdentifier  ::=  SEQUENCE  {
-       algorithm   OBJECT IDENTIFIER,
-       parameters  ANY DEFINED BY algorithm OPTIONAL
-   }
-</pre><a href="#section-3-3" class="pilcrow">¶</a>
-</div>
-<aside id="section-3-4">
-        <p id="section-3-4.1">NOTE: The above syntax is from <span>[<a href="#RFC5280" class="cite xref">RFC5280</a>]</span> and matches the version used
-therein, i.e., the 1988 ASN.1 syntax. See <span>[<a href="#RFC5912" class="cite xref">RFC5912</a>]</span> for ASN.1
-copmatible with the 2015 ASN.1 syntax.<a href="#section-3-4.1" class="pilcrow">¶</a></p>
-</aside>
-<p id="section-3-5">The fields in AlgorithmIdentifier have the following meanings:<a href="#section-3-5" class="pilcrow">¶</a></p>
-<ul class="normal">
-<li class="normal" id="section-3-6.1">
-          <p id="section-3-6.1.1">algorithm identifies the cryptographic algorithm with an object
-identifier. XXX such OIDs are defined in Sections <a href="#candidate-TBD1" class="auto internal xref">Section 4</a>.<a href="#section-3-6.1.1" class="pilcrow">¶</a></p>
-</li>
-        <li class="normal" id="section-3-6.2">
-          <p id="section-3-6.2.1">parameters, which are optional, are the associated parameters for
-the algorithm identifier in the algorithm field.<a href="#section-3-6.2.1" class="pilcrow">¶</a></p>
-</li>
-      </ul>
-<p id="section-3-7">In this document, TODO (specify number) new OIDs for identifying the
-different algorithm and parameter pairs. For all of the object
-identifiers, the parameters <span class="bcp14">MUST</span> be absent.<a href="#section-3-7" class="pilcrow">¶</a></p>
-<p id="section-3-8">It is possible to find systems that require the parameters to be
-present. This can be due to either a defect in the original 1997
-syntax or a programming error where developers never got input where
-this was not true. The optimal solution is to fix these systems;
-where this is not possible, the problem needs to be restricted to
-that subsystem and not propagated to the Internet.<a href="#section-3-8" class="pilcrow">¶</a></p>
-</section>
-</div>
-<div id="candidate-TBD1">
-<section id="section-4">
-      <h2 id="name-candidate-tbd1">
-<a href="#section-4" class="section-number selfRef">4. </a><a href="#name-candidate-tbd1" class="section-name selfRef">Candidate TBD1</a>
-      </h2>
-<p id="section-4-1">TODO insert object-identifiers<a href="#section-4-1" class="pilcrow">¶</a></p>
-</section>
-</div>
-<div id="subject-public-key-fields">
-<section id="section-5">
-      <h2 id="name-subject-public-key-fields">
-<a href="#section-5" class="section-number selfRef">5. </a><a href="#name-subject-public-key-fields" class="section-name selfRef">Subject Public Key Fields</a>
-      </h2>
-<p id="section-5-1">In the X.509 certificate, the subjectPublicKeyInfo field has the
-SubjectPublicKeyInfo type, which has the following ASN.1 syntax:<a href="#section-5-1" class="pilcrow">¶</a></p>
-<div class="alignLeft art-text artwork" id="section-5-2">
-<pre>
-  SubjectPublicKeyInfo  ::=  SEQUENCE  {
-      algorithm         AlgorithmIdentifier,
-      subjectPublicKey  BIT STRING
-  }
-</pre><a href="#section-5-2" class="pilcrow">¶</a>
-</div>
-<aside id="section-5-3">
-        <p id="section-5-3.1">NOTE: The above syntax is from <span>[<a href="#RFC5280" class="cite xref">RFC5280</a>]</span> and matches the version used
-therein, i.e., the 1988 ASN.1 syntax. See <span>[<a href="#RFC5912" class="cite xref">RFC5912</a>]</span> for ASN.1
-copmatible with the 2015 ASN.1 syntax.<a href="#section-5-3.1" class="pilcrow">¶</a></p>
-</aside>
-<p id="section-5-4">The fields in SubjectPublicKeyInfo have the following meanings:<a href="#section-5-4" class="pilcrow">¶</a></p>
-<ul class="normal">
-<li class="normal" id="section-5-5.1">
-          <p id="section-5-5.1.1">algorithm is the algorithm identifier and parameters for the
-public key (see above).<a href="#section-5-5.1.1" class="pilcrow">¶</a></p>
-</li>
-        <li class="normal" id="section-5-5.2">
-          <p id="section-5-5.2.1">subjectPublicKey contains the byte stream of the public key.  The
-algorithms defined in this document always encode the public key
-as TODO pick format e.g., exact multiple of 8 bits?.<a href="#section-5-5.2.1" class="pilcrow">¶</a></p>
-</li>
-      </ul>
-<p id="section-5-6">The following is an example of a TBD public key encoded using the
-textual encoding defined in <span>[<a href="#RFC7468" class="cite xref">RFC7468</a>]</span>.<a href="#section-5-6" class="pilcrow">¶</a></p>
-<div class="alignLeft art-text artwork" id="section-5-7">
-<pre>
-  -----BEGIN PUBLIC KEY-----
-  TODO insert example public key
-  -----END PUBLIC KEY-------
-</pre><a href="#section-5-7" class="pilcrow">¶</a>
-</div>
-</section>
-</div>
-<div id="key-usage-bits">
-<section id="section-6">
-      <h2 id="name-key-usage-bits">
-<a href="#section-6" class="section-number selfRef">6. </a><a href="#name-key-usage-bits" class="section-name selfRef">Key Usage Bits</a>
-      </h2>
-<p id="section-6-1">The intended application for the key is indicated in the keyUsage
-certificate extension; see <span><a href="https://rfc-editor.org/rfc/rfc5280#section-4.2.1.3" class="relref">Section 4.2.1.3</a> of [<a href="#RFC5280" class="cite xref">RFC5280</a>]</span>.<a href="#section-6-1" class="pilcrow">¶</a></p>
-<p id="section-6-2">If the keyUsage extension is present in a certificate that indicates
-Candidate TBD1 in SubjectPublicKeyInfo, then the following
-<span class="bcp14">MUST</span> be present:<a href="#section-6-2" class="pilcrow">¶</a></p>
-<div class="alignLeft art-text artwork" id="section-6-3">
-<pre>
-  keyEncipherment;
-</pre><a href="#section-6-3" class="pilcrow">¶</a>
-</div>
-</section>
-</div>
-<div id="private-key-format">
-<section id="section-7">
-      <h2 id="name-private-key-format">
-<a href="#section-7" class="section-number selfRef">7. </a><a href="#name-private-key-format" class="section-name selfRef">Private Key Format</a>
-      </h2>
-<p id="section-7-1">"Asymmetric Key Packages" <span>[<a href="#RFC5958" class="cite xref">RFC5958</a>]</span> describes how to encode a private
-key in a structure that both identifies what algorithm the private key
-is for and allows for the public key and additional attributes about the
-key to be included as well. For illustration, the ASN.1 structure
-OneAsymmetricKey is replicated below. The algorithm-specific details of
-how a private key is encoded are left for the document describing the
-algorithm itself.<a href="#section-7-1" class="pilcrow">¶</a></p>
-<div class="alignLeft art-text artwork" id="section-7-2">
-<pre>
-  OneAsymmetricKey ::= SEQUENCE {
-      version                  Version,
-      privateKeyAlgorithm      PrivateKeyAlgorithmIdentifier,
-      privateKey               PrivateKey,
-      attributes           [0] IMPLICIT Attributes OPTIONAL,
-      ...,
-      [[2: publicKey       [1] IMPLICIT PublicKey OPTIONAL ]],
-      ...
-  }
-
-  PrivateKey ::= OCTET STRING
-
-  PublicKey ::= BIT STRING
-</pre><a href="#section-7-2" class="pilcrow">¶</a>
-</div>
-<aside id="section-7-3">
-        <p id="section-7-3.1">NOTE: The above syntax is from <span>[<a href="#RFC5958" class="cite xref">RFC5958</a>]</span> and matches the version used
-therein, i.e., the 2002 ASN.1 syntax. The syntax used therein is
-compatible with the 2015 ASN.1 syntax.<a href="#section-7-3.1" class="pilcrow">¶</a></p>
-</aside>
-<p id="section-7-4">For the keys defined in this document, the private key is always an
-opaque byte sequence. The ASN.1 type PqckemPrivateKey is defined in
-this document to hold the byte sequence. Thus, when encoding a
-OneAsymmetricKey object, the private key is wrapped in a
-PqckemPrivateKey object and wrapped by the OCTET STRING of the
-"privateKey" field.<a href="#section-7-4" class="pilcrow">¶</a></p>
-<div class="alignLeft art-text artwork" id="section-7-5">
-<pre>
-  PqckemPrivateKey ::= OCTET STRING
-</pre><a href="#section-7-5" class="pilcrow">¶</a>
-</div>
-<p id="section-7-6">The following is an example of a TBD private key encoded using the
-textual encoding defined in <span>[<a href="#RFC7468" class="cite xref">RFC7468</a>]</span>.<a href="#section-7-6" class="pilcrow">¶</a></p>
-<div class="alignLeft art-text artwork" id="section-7-7">
-<pre>
-  -----BEGIN PRIVATE KEY-----
-  TODO iser example private key
-  -----END PRIVATE KEY-------
-</pre><a href="#section-7-7" class="pilcrow">¶</a>
-</div>
-<p id="section-7-8">The following example, in addition to encoding the TBD private key,
-has an attribute included as well as the public key. As with the
-prior example, the textual encoding defined in <span>[<a href="#RFC7468" class="cite xref">RFC7468</a>]</span> is used.<a href="#section-7-8" class="pilcrow">¶</a></p>
-<div class="alignLeft art-text artwork" id="section-7-9">
-<pre>
-  -----BEGIN PRIVATE KEY-----
-  TODO insert example private key with attribute
-  -----END PRIVATE KEY-------
-</pre><a href="#section-7-9" class="pilcrow">¶</a>
-</div>
-<aside id="section-7-10">
-        <p id="section-7-10.1">NOTE: There exist some private key import functions that have not
-implemented the new ASN.1 structure OneAsymmetricKey that is defined in
-<span>[<a href="#RFC5958" class="cite xref">RFC5958</a>]</span>. This means that they will not accept a private key
-structure that contains the public key field.  This means a balancing
-act needs to be done between being able to do a consistency check on the
-key pair and widest ability to import the key.<a href="#section-7-10.1" class="pilcrow">¶</a></p>
-</aside>
-</section>
-</div>
-<div id="asn1-module">
-<section id="section-8">
-      <h2 id="name-asn1-module">
-<a href="#section-8" class="section-number selfRef">8. </a><a href="#name-asn1-module" class="section-name selfRef">ASN.1 Module</a>
-      </h2>
-<p id="section-8-1">TODO ASN.1 Module<a href="#section-8-1" class="pilcrow">¶</a></p>
-</section>
-</div>
-<div id="security-considerations">
-<section id="section-9">
-      <h2 id="name-security-considerations">
-<a href="#section-9" class="section-number selfRef">9. </a><a href="#name-security-considerations" class="section-name selfRef">Security Considerations</a>
-      </h2>
-<p id="section-9-1">The Security Considerations section of <span>[<a href="#RFC5280" class="cite xref">RFC5280</a>]</span> applies to this specification as well.<a href="#section-9-1" class="pilcrow">¶</a></p>
-<p id="section-9-2">[EDNOTE: Discuss side-channels for Candidate TBD1.]<a href="#section-9-2" class="pilcrow">¶</a></p>
-</section>
-</div>
-<div id="iana-considerations">
-<section id="section-10">
-      <h2 id="name-iana-considerations">
-<a href="#section-10" class="section-number selfRef">10. </a><a href="#name-iana-considerations" class="section-name selfRef">IANA Considerations</a>
-      </h2>
-<p id="section-10-1">This document will have some IANA actions.<a href="#section-10-1" class="pilcrow">¶</a></p>
-</section>
-</div>
-<section id="section-11">
-      <h2 id="name-references">
-<a href="#section-11" class="section-number selfRef">11. </a><a href="#name-references" class="section-name selfRef">References</a>
-      </h2>
-<div id="sec-normative-references">
-<section id="section-11.1">
-        <h3 id="name-normative-references">
-<a href="#section-11.1" class="section-number selfRef">11.1. </a><a href="#name-normative-references" class="section-name selfRef">Normative References</a>
-        </h3>
-<dl class="references">
-<dt id="RFC2119">[RFC2119]</dt>
-        <dd>
-<span class="refAuthor">Bradner, S.</span>, <span class="refTitle">"Key words for use in RFCs to Indicate Requirement Levels"</span>, <span class="seriesInfo">BCP 14</span>, <span class="seriesInfo">RFC 2119</span>, <span class="seriesInfo">DOI 10.17487/RFC2119</span>, <time datetime="1997-03" class="refDate">March 1997</time>, <span>&lt;<a href="https://www.rfc-editor.org/rfc/rfc2119">https://www.rfc-editor.org/rfc/rfc2119</a>&gt;</span>. </dd>
-<dd class="break"></dd>
-<dt id="RFC5280">[RFC5280]</dt>
-        <dd>
-<span class="refAuthor">Cooper, D.</span>, <span class="refAuthor">Santesson, S.</span>, <span class="refAuthor">Farrell, S.</span>, <span class="refAuthor">Boeyen, S.</span>, <span class="refAuthor">Housley, R.</span>, and <span class="refAuthor">W. Polk</span>, <span class="refTitle">"Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile"</span>, <span class="seriesInfo">RFC 5280</span>, <span class="seriesInfo">DOI 10.17487/RFC5280</span>, <time datetime="2008-05" class="refDate">May 2008</time>, <span>&lt;<a href="https://www.rfc-editor.org/rfc/rfc5280">https://www.rfc-editor.org/rfc/rfc5280</a>&gt;</span>. </dd>
-<dd class="break"></dd>
-<dt id="RFC5912">[RFC5912]</dt>
-        <dd>
-<span class="refAuthor">Hoffman, P.</span> and <span class="refAuthor">J. Schaad</span>, <span class="refTitle">"New ASN.1 Modules for the Public Key Infrastructure Using X.509 (PKIX)"</span>, <span class="seriesInfo">RFC 5912</span>, <span class="seriesInfo">DOI 10.17487/RFC5912</span>, <time datetime="2010-06" class="refDate">June 2010</time>, <span>&lt;<a href="https://www.rfc-editor.org/rfc/rfc5912">https://www.rfc-editor.org/rfc/rfc5912</a>&gt;</span>. </dd>
-<dd class="break"></dd>
-<dt id="RFC5958">[RFC5958]</dt>
-        <dd>
-<span class="refAuthor">Turner, S.</span>, <span class="refTitle">"Asymmetric Key Packages"</span>, <span class="seriesInfo">RFC 5958</span>, <span class="seriesInfo">DOI 10.17487/RFC5958</span>, <time datetime="2010-08" class="refDate">August 2010</time>, <span>&lt;<a href="https://www.rfc-editor.org/rfc/rfc5958">https://www.rfc-editor.org/rfc/rfc5958</a>&gt;</span>. </dd>
-<dd class="break"></dd>
-<dt id="RFC8174">[RFC8174]</dt>
-      <dd>
-<span class="refAuthor">Leiba, B.</span>, <span class="refTitle">"Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words"</span>, <span class="seriesInfo">BCP 14</span>, <span class="seriesInfo">RFC 8174</span>, <span class="seriesInfo">DOI 10.17487/RFC8174</span>, <time datetime="2017-05" class="refDate">May 2017</time>, <span>&lt;<a href="https://www.rfc-editor.org/rfc/rfc8174">https://www.rfc-editor.org/rfc/rfc8174</a>&gt;</span>. </dd>
-<dd class="break"></dd>
-</dl>
-</section>
-</div>
-<div id="sec-informative-references">
-<section id="section-11.2">
-        <h3 id="name-informative-references">
-<a href="#section-11.2" class="section-number selfRef">11.2. </a><a href="#name-informative-references" class="section-name selfRef">Informative References</a>
-        </h3>
-<dl class="references">
-<dt id="PQCProj">[PQCProj]</dt>
-        <dd>
-<span class="refAuthor">National Institute of Standards and Technology</span>, <span class="refTitle">"Post-Quantum Cryptography Project"</span>, <time datetime="2016-12-20" class="refDate">20 December 2016</time>, <span>&lt;<a href="https://csrc.nist.gov/projects/post-quantum-cryptography">https://csrc.nist.gov/projects/post-quantum-cryptography</a>&gt;</span>. </dd>
-<dd class="break"></dd>
-<dt id="RFC7468">[RFC7468]</dt>
-      <dd>
-<span class="refAuthor">Josefsson, S.</span> and <span class="refAuthor">S. Leonard</span>, <span class="refTitle">"Textual Encodings of PKIX, PKCS, and CMS Structures"</span>, <span class="seriesInfo">RFC 7468</span>, <span class="seriesInfo">DOI 10.17487/RFC7468</span>, <time datetime="2015-04" class="refDate">April 2015</time>, <span>&lt;<a href="https://www.rfc-editor.org/rfc/rfc7468">https://www.rfc-editor.org/rfc/rfc7468</a>&gt;</span>. </dd>
-<dd class="break"></dd>
-</dl>
-</section>
-</div>
-</section>
-<div id="acknowledgments">
-<section id="appendix-A">
-      <h2 id="name-acknowledgments">
-<a href="#name-acknowledgments" class="section-name selfRef">Acknowledgments</a>
-      </h2>
-<p id="appendix-A-1">TODO acknowledge.<a href="#appendix-A-1" class="pilcrow">¶</a></p>
-</section>
-</div>
-<div id="authors-addresses">
-<section id="appendix-B">
-      <h2 id="name-authors-addresses">
-<a href="#name-authors-addresses" class="section-name selfRef">Authors' Addresses</a>
-      </h2>
-<address class="vcard">
-        <div dir="auto" class="left"><span class="fn nameRole">Sean Turner</span></div>
-<div dir="auto" class="left"><span class="org">sn3rd</span></div>
-<div class="email">
-<span>Email:</span>
-<a href="mailto:sean@sn3rd.com" class="email">sean@sn3rd.com</a>
-</div>
-</address>
-<address class="vcard">
-        <div dir="auto" class="left"><span class="fn nameRole">Panos Kampanakis</span></div>
-<div dir="auto" class="left"><span class="org">AWS</span></div>
-<div class="email">
-<span>Email:</span>
-<a href="mailto:kpanos@amazon.com" class="email">kpanos@amazon.com</a>
-</div>
-</address>
-<address class="vcard">
-        <div dir="auto" class="left"><span class="fn nameRole">Jake Massimo</span></div>
-<div dir="auto" class="left"><span class="org">AWS</span></div>
-<div class="email">
-<span>Email:</span>
-<a href="mailto:jakemas@amazon.com" class="email">jakemas@amazon.com</a>
-</div>
-</address>
-<address class="vcard">
-        <div dir="auto" class="left"><span class="fn nameRole">Bas Westerbaan</span></div>
-<div dir="auto" class="left"><span class="org">Cloudflare</span></div>
-<div class="email">
-<span>Email:</span>
-<a href="mailto:bas@westerbaan.name" class="email">bas@westerbaan.name</a>
-</div>
-</address>
-</section>
-</div>
-<script>const toc = document.getElementById("toc");
-toc.querySelector("h2").addEventListener("click", e => {
-  toc.classList.toggle("active");
-});
-toc.querySelector("nav").addEventListener("click", e => {
-  toc.classList.remove("active");
-});
-</script>
-</body>
-</html>
diff --git a/draft-ietf-lamps-kyber-certificates-02/draft-turner-lamps-nist-pqc-kem-certificates.txt b/draft-ietf-lamps-kyber-certificates-02/draft-turner-lamps-nist-pqc-kem-certificates.txt
deleted file mode 100644
index 8ecd08c..0000000
--- a/draft-ietf-lamps-kyber-certificates-02/draft-turner-lamps-nist-pqc-kem-certificates.txt
+++ /dev/null
@@ -1,354 +0,0 @@
-
-
-
-
-None                                                           S. Turner
-Internet-Draft                                                     sn3rd
-Intended status: Standards Track                           P. Kampanakis
-Expires: 25 April 2024                                        J. Massimo
-                                                                     AWS
-                                                           B. Westerbaan
-                                                              Cloudflare
-                                                         23 October 2023
-
-
-Algorithm Identifiers for NIST's PQC Algorithms for Use in the Internet
-                    X.509 Public Key Infrastructure
-          draft-turner-lamps-nist-pqc-kem-certificates-latest
-
-Abstract
-
-   This document specifies algorithm identifiers and ASN.1 encoding
-   format for the US NIST's PQC KEM (United States National Institute of
-   Standards and Technology's Post Quantum Cryptography Key
-   Encapsulation Mechanism) algorithms.  The algorithms covered are
-   Candidate TBD1.  The encoding for public key and private key is also
-   provided.
-
-   [EDNOTE: This draft is not expected to be finalized before the NIST
-   PQC Project has standardized PQ algorithms.  After NIST has
-   standardized its first algorithms, this document will replace TBD,
-   with the appropriate algorithms and parameters before proceeding to
-   ratification.  The algorithm Candidate TBD1 has been added as an
-   example in this draft, to provide a more detailed illustration of the
-   content - it by no means indicates its inclusion in the final
-   version.  This specification will use object identifiers for the new
-   algorithms that are assigned by NIST, and will use placeholders until
-   these are released.]
-
-About This Document
-
-   This note is to be removed before publishing as an RFC.
-
-   Status information for this document may be found at
-   https://datatracker.ietf.org/doc/draft-turner-lamps-nist-pqc-kem-
-   certificates/.
-
-   Discussion of this document takes place on the Limited Additional
-   Mechanisms for PKIX and SMIME (lamps) Working Group mailing list
-   (mailto:spasm@ietf.org), which is archived at
-   https://mailarchive.ietf.org/arch/browse/spasm/.  Subscribe at
-   https://www.ietf.org/mailman/listinfo/spasm/.
-
-   Source for this draft and an issue tracker can be found at
-   https://github.com/seanturner/draft-turner-lamps-nist-pqc-kem-
-   certificates.
-
-Status of This Memo
-
-   This Internet-Draft is submitted in full conformance with the
-   provisions of BCP 78 and BCP 79.
-
-   Internet-Drafts are working documents of the Internet Engineering
-   Task Force (IETF).  Note that other groups may also distribute
-   working documents as Internet-Drafts.  The list of current Internet-
-   Drafts is at https://datatracker.ietf.org/drafts/current/.
-
-   Internet-Drafts are draft documents valid for a maximum of six months
-   and may be updated, replaced, or obsoleted by other documents at any
-   time.  It is inappropriate to use Internet-Drafts as reference
-   material or to cite them other than as "work in progress."
-
-   This Internet-Draft will expire on 25 April 2024.
-
-Copyright Notice
-
-   Copyright (c) 2023 IETF Trust and the persons identified as the
-   document authors.  All rights reserved.
-
-   This document is subject to BCP 78 and the IETF Trust's Legal
-   Provisions Relating to IETF Documents (https://trustee.ietf.org/
-   license-info) in effect on the date of publication of this document.
-   Please review these documents carefully, as they describe your rights
-   and restrictions with respect to this document.  Code Components
-   extracted from this document must include Revised BSD License text as
-   described in Section 4.e of the Trust Legal Provisions and are
-   provided without warranty as described in the Revised BSD License.
-
-Table of Contents
-
-   1.  Introduction
-   2.  Conventions and Definitions
-   3.  Algorithm Identifiers
-   4.  Candidate TBD1
-   5.  Subject Public Key Fields
-   6.  Key Usage Bits
-   7.  Private Key Format
-   8.  ASN.1 Module
-   9.  Security Considerations
-   10. IANA Considerations
-   11. References
-     11.1.  Normative References
-     11.2.  Informative References
-   Acknowledgments
-   Authors' Addresses
-
-1.  Introduction
-
-   The US NIST PQC Project has selected the Candidate TBD1 algorithms as
-   winners of their PQC Project [PQCProj].  These algorithms are KEM
-   algorithms.  NIST has also defined object identifiers for these
-   algorithms (TODO insert reference).
-
-   This document specifies the use of the Candidate TBD1 algorithms in
-   X.509 public key certifiates, see [RFC5280].  It also specifies
-   private key encoding.  An ASN.1 module is included for reference
-   purposes.
-
-   These certificates could be used as Issuers in CMS where the public
-   key is used to encapsulate a shared secret used to derive a symmetric
-   key used to encrypt content in CMS [EDNOTE: Add reference draft-
-   perret-prat-lamps-cms-pq-kem].  To be used in TLS, these certificates
-   could only be used as end-entity identity certificates and would
-   require significant updates to the protocol [EDNOTE: Add reference
-   draft-celi-wiggers-tls-authkem].
-
-2.  Conventions and Definitions
-
-   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
-   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
-   "OPTIONAL" in this document are to be interpreted as described in
-   BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
-   capitals, as shown here.
-
-3.  Algorithm Identifiers
-
-   Certificates conforming to [RFC5280] can convey a public key for any
-   public key algorithm.  The certificate indicates the algorithm
-   through an algorithm identifier.  An algorithm identifier consists of
-   an object identifier and optional parameters.
-
-   The AlgorithmIdentifier type, which is included herein for
-   convenience, is defined as follows:
-
-      AlgorithmIdentifier  ::=  SEQUENCE  {
-          algorithm   OBJECT IDENTIFIER,
-          parameters  ANY DEFINED BY algorithm OPTIONAL
-      }
-
-      |  NOTE: The above syntax is from [RFC5280] and matches the
-      |  version used therein, i.e., the 1988 ASN.1 syntax.  See
-      |  [RFC5912] for ASN.1 copmatible with the 2015 ASN.1 syntax.
-
-   The fields in AlgorithmIdentifier have the following meanings:
-
-   *  algorithm identifies the cryptographic algorithm with an object
-      identifier.  XXX such OIDs are defined in Sections Section 4.
-
-   *  parameters, which are optional, are the associated parameters for
-      the algorithm identifier in the algorithm field.
-
-   In this document, TODO (specify number) new OIDs for identifying the
-   different algorithm and parameter pairs.  For all of the object
-   identifiers, the parameters MUST be absent.
-
-   It is possible to find systems that require the parameters to be
-   present.  This can be due to either a defect in the original 1997
-   syntax or a programming error where developers never got input where
-   this was not true.  The optimal solution is to fix these systems;
-   where this is not possible, the problem needs to be restricted to
-   that subsystem and not propagated to the Internet.
-
-4.  Candidate TBD1
-
-   TODO insert object-identifiers
-
-5.  Subject Public Key Fields
-
-   In the X.509 certificate, the subjectPublicKeyInfo field has the
-   SubjectPublicKeyInfo type, which has the following ASN.1 syntax:
-
-     SubjectPublicKeyInfo  ::=  SEQUENCE  {
-         algorithm         AlgorithmIdentifier,
-         subjectPublicKey  BIT STRING
-     }
-
-      |  NOTE: The above syntax is from [RFC5280] and matches the
-      |  version used therein, i.e., the 1988 ASN.1 syntax.  See
-      |  [RFC5912] for ASN.1 copmatible with the 2015 ASN.1 syntax.
-
-   The fields in SubjectPublicKeyInfo have the following meanings:
-
-   *  algorithm is the algorithm identifier and parameters for the
-      public key (see above).
-
-   *  subjectPublicKey contains the byte stream of the public key.  The
-      algorithms defined in this document always encode the public key
-      as TODO pick format e.g., exact multiple of 8 bits?.
-
-   The following is an example of a TBD public key encoded using the
-   textual encoding defined in [RFC7468].
-
-     -----BEGIN PUBLIC KEY-----
-     TODO insert example public key
-     -----END PUBLIC KEY-------
-
-6.  Key Usage Bits
-
-   The intended application for the key is indicated in the keyUsage
-   certificate extension; see Section 4.2.1.3 of [RFC5280].
-
-   If the keyUsage extension is present in a certificate that indicates
-   Candidate TBD1 in SubjectPublicKeyInfo, then the following MUST be
-   present:
-
-     keyEncipherment;
-
-7.  Private Key Format
-
-   "Asymmetric Key Packages" [RFC5958] describes how to encode a private
-   key in a structure that both identifies what algorithm the private
-   key is for and allows for the public key and additional attributes
-   about the key to be included as well.  For illustration, the ASN.1
-   structure OneAsymmetricKey is replicated below.  The algorithm-
-   specific details of how a private key is encoded are left for the
-   document describing the algorithm itself.
-
-     OneAsymmetricKey ::= SEQUENCE {
-         version                  Version,
-         privateKeyAlgorithm      PrivateKeyAlgorithmIdentifier,
-         privateKey               PrivateKey,
-         attributes           [0] IMPLICIT Attributes OPTIONAL,
-         ...,
-         [[2: publicKey       [1] IMPLICIT PublicKey OPTIONAL ]],
-         ...
-     }
-
-     PrivateKey ::= OCTET STRING
-
-     PublicKey ::= BIT STRING
-
-      |  NOTE: The above syntax is from [RFC5958] and matches the
-      |  version used therein, i.e., the 2002 ASN.1 syntax.  The syntax
-      |  used therein is compatible with the 2015 ASN.1 syntax.
-
-   For the keys defined in this document, the private key is always an
-   opaque byte sequence.  The ASN.1 type PqckemPrivateKey is defined in
-   this document to hold the byte sequence.  Thus, when encoding a
-   OneAsymmetricKey object, the private key is wrapped in a
-   PqckemPrivateKey object and wrapped by the OCTET STRING of the
-   "privateKey" field.
-
-     PqckemPrivateKey ::= OCTET STRING
-
-   The following is an example of a TBD private key encoded using the
-   textual encoding defined in [RFC7468].
-
-     -----BEGIN PRIVATE KEY-----
-     TODO iser example private key
-     -----END PRIVATE KEY-------
-
-   The following example, in addition to encoding the TBD private key,
-   has an attribute included as well as the public key.  As with the
-   prior example, the textual encoding defined in [RFC7468] is used.
-
-     -----BEGIN PRIVATE KEY-----
-     TODO insert example private key with attribute
-     -----END PRIVATE KEY-------
-
-      |  NOTE: There exist some private key import functions that have
-      |  not implemented the new ASN.1 structure OneAsymmetricKey that
-      |  is defined in [RFC5958].  This means that they will not accept
-      |  a private key structure that contains the public key field.
-      |  This means a balancing act needs to be done between being able
-      |  to do a consistency check on the key pair and widest ability to
-      |  import the key.
-
-8.  ASN.1 Module
-
-   TODO ASN.1 Module
-
-9.  Security Considerations
-
-   The Security Considerations section of [RFC5280] applies to this
-   specification as well.
-
-   [EDNOTE: Discuss side-channels for Candidate TBD1.]
-
-10.  IANA Considerations
-
-   This document will have some IANA actions.
-
-11.  References
-
-11.1.  Normative References
-
-   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
-              Requirement Levels", BCP 14, RFC 2119,
-              DOI 10.17487/RFC2119, March 1997,
-              <https://www.rfc-editor.org/rfc/rfc2119>.
-
-   [RFC5280]  Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
-              Housley, R., and W. Polk, "Internet X.509 Public Key
-              Infrastructure Certificate and Certificate Revocation List
-              (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008,
-              <https://www.rfc-editor.org/rfc/rfc5280>.
-
-   [RFC5912]  Hoffman, P. and J. Schaad, "New ASN.1 Modules for the
-              Public Key Infrastructure Using X.509 (PKIX)", RFC 5912,
-              DOI 10.17487/RFC5912, June 2010,
-              <https://www.rfc-editor.org/rfc/rfc5912>.
-
-   [RFC5958]  Turner, S., "Asymmetric Key Packages", RFC 5958,
-              DOI 10.17487/RFC5958, August 2010,
-              <https://www.rfc-editor.org/rfc/rfc5958>.
-
-   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
-              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
-              May 2017, <https://www.rfc-editor.org/rfc/rfc8174>.
-
-11.2.  Informative References
-
-   [PQCProj]  National Institute of Standards and Technology, "Post-
-              Quantum Cryptography Project", 20 December 2016,
-              <https://csrc.nist.gov/projects/post-quantum-
-              cryptography>.
-
-   [RFC7468]  Josefsson, S. and S. Leonard, "Textual Encodings of PKIX,
-              PKCS, and CMS Structures", RFC 7468, DOI 10.17487/RFC7468,
-              April 2015, <https://www.rfc-editor.org/rfc/rfc7468>.
-
-Acknowledgments
-
-   TODO acknowledge.
-
-Authors' Addresses
-
-   Sean Turner
-   sn3rd
-   Email: sean@sn3rd.com
-
-
-   Panos Kampanakis
-   AWS
-   Email: kpanos@amazon.com
-
-
-   Jake Massimo
-   AWS
-   Email: jakemas@amazon.com
-
-
-   Bas Westerbaan
-   Cloudflare
-   Email: bas@westerbaan.name
diff --git a/index.html b/index.html
index 329d56d..fcef599 100644
--- a/index.html
+++ b/index.html
@@ -17,8 +17,8 @@ <h1>Editor's drafts for main branch of <a href="https://github.com/lamps-wg/kybe
     <p>View <a href="issues.html">saved issues</a>, or the latest GitHub <a href="https://github.com/lamps-wg/kyber-certificates/issues">issues</a> and <a href="https://github.com/lamps-wg/kyber-certificates/pulls">pull requests</a> in the <a href="https://github.com/lamps-wg/kyber-certificates">repo</a>.</p>
     <table id="branch-main">
       <tr>
-        <td><a href="./draft-ietf-lamps-kyber-certificates.html" class="html draft-ietf-lamps-kyber-certificates" title="Internet X.509 Public Key Infrastructure - Algorithm Identifiers for Kyber (HTML)">PQC Kyber in Certificates</a></td>
-        <td><a href="./draft-ietf-lamps-kyber-certificates.txt" class="txt draft-ietf-lamps-kyber-certificates" title="Internet X.509 Public Key Infrastructure - Algorithm Identifiers for Kyber (Text)">plain text</a></td>
+        <td><a href="./draft-ietf-lamps-kyber-certificates.html" class="html draft-ietf-lamps-kyber-certificates" title="Internet X.509 Public Key Infrastructure - Algorithm Identifiers for Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM) (HTML)">ML-KEM in Certificates</a></td>
+        <td><a href="./draft-ietf-lamps-kyber-certificates.txt" class="txt draft-ietf-lamps-kyber-certificates" title="Internet X.509 Public Key Infrastructure - Algorithm Identifiers for Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM) (Text)">plain text</a></td>
         <td><a href="https://datatracker.ietf.org/doc/draft-ietf-lamps-kyber-certificates" class="dt draft-ietf-lamps-kyber-certificates" title="Datatracker for draft-ietf-lamps-kyber-certificates">datatracker</a></td>
         <td><a href="https://author-tools.ietf.org/api/iddiff?doc_1=draft-ietf-lamps-kyber-certificates&amp;url_2=https://lamps-wg.github.io/kyber-certificates/draft-ietf-lamps-kyber-certificates.txt" class="diff draft-ietf-lamps-kyber-certificates">diff with last submission</a></td>
         <td></td>
@@ -31,43 +31,17 @@ <h1>Editor's drafts for main branch of <a href="https://github.com/lamps-wg/kybe
         <td></td>
       </tr>
     </table>
-    <h2>Preview for branch <a href="draft-ietf-lamps-kyber-certificates-02">draft-ietf-lamps-kyber-certificates-02</a></h2>
-    <table id="branch-draft-ietf-lamps-kyber-certificates-02">
+    <h2>Preview for branch <a href="seanturner-name-change">seanturner-name-change</a></h2>
+    <table id="branch-seanturner-name-change">
       <tr>
-        <td><a href="draft-ietf-lamps-kyber-certificates-02/draft-ietf-lamps-kyber-certificates.html" class="html draft-ietf-lamps-kyber-certificates" title="Internet X.509 Public Key Infrastructure - Algorithm Identifiers for Kyber (HTML)">PQC Kyber in Certificates</a></td>
-        <td><a href="draft-ietf-lamps-kyber-certificates-02/draft-ietf-lamps-kyber-certificates.txt" class="txt draft-ietf-lamps-kyber-certificates" title="Internet X.509 Public Key Infrastructure - Algorithm Identifiers for Kyber (Text)">plain text</a></td>
-        <td>same as main</td>
+        <td><a href="seanturner-name-change/draft-ietf-lamps-kyber-certificates.html" class="html draft-ietf-lamps-kyber-certificates" title="Internet X.509 Public Key Infrastructure - Algorithm Identifiers for Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM) (HTML)">ML-KEM in Certificates</a></td>
+        <td><a href="seanturner-name-change/draft-ietf-lamps-kyber-certificates.txt" class="txt draft-ietf-lamps-kyber-certificates" title="Internet X.509 Public Key Infrastructure - Algorithm Identifiers for Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM) (Text)">plain text</a></td>
+        <td><a href="https://author-tools.ietf.org/api/iddiff?url_1=https://lamps-wg.github.io/kyber-certificates/draft-ietf-lamps-kyber-certificates.txt&amp;url_2=https://lamps-wg.github.io/kyber-certificates/seanturner-name-change/draft-ietf-lamps-kyber-certificates.txt" class="diff draft-ietf-lamps-kyber-certificates">diff with main</a></td>
       </tr>
       <tr>
-        <td><a href="draft-ietf-lamps-kyber-certificates-02/draft-turner-lamps-nist-pqc-kem-certificates.html" class="html draft-turner-lamps-nist-pqc-kem-certificates" title="Algorithm Identifiers for NIST's PQC Algorithms for Use in the Internet X.509 Public Key Infrastructure (HTML)">PQC KEM for Certificates</a></td>
-        <td><a href="draft-ietf-lamps-kyber-certificates-02/draft-turner-lamps-nist-pqc-kem-certificates.txt" class="txt draft-turner-lamps-nist-pqc-kem-certificates" title="Algorithm Identifiers for NIST's PQC Algorithms for Use in the Internet X.509 Public Key Infrastructure (Text)">plain text</a></td>
-        <td>same as main</td>
-      </tr>
-    </table>
-    <h2>Preview for branch <a href="seanturner-asides">seanturner-asides</a></h2>
-    <table id="branch-seanturner-asides">
-      <tr>
-        <td><a href="seanturner-asides/draft-ietf-lamps-kyber-certificates.html" class="html draft-ietf-lamps-kyber-certificates" title="Internet X.509 Public Key Infrastructure - Algorithm Identifiers for Kyber (HTML)">PQC Kyber in Certificates</a></td>
-        <td><a href="seanturner-asides/draft-ietf-lamps-kyber-certificates.txt" class="txt draft-ietf-lamps-kyber-certificates" title="Internet X.509 Public Key Infrastructure - Algorithm Identifiers for Kyber (Text)">plain text</a></td>
-        <td>same as main</td>
-      </tr>
-      <tr>
-        <td><a href="seanturner-asides/draft-turner-lamps-nist-pqc-kem-certificates.html" class="html draft-turner-lamps-nist-pqc-kem-certificates" title="Algorithm Identifiers for NIST's PQC Algorithms for Use in the Internet X.509 Public Key Infrastructure (HTML)">PQC KEM for Certificates</a></td>
-        <td><a href="seanturner-asides/draft-turner-lamps-nist-pqc-kem-certificates.txt" class="txt draft-turner-lamps-nist-pqc-kem-certificates" title="Algorithm Identifiers for NIST's PQC Algorithms for Use in the Internet X.509 Public Key Infrastructure (Text)">plain text</a></td>
-        <td>same as main</td>
-      </tr>
-    </table>
-    <h2>Preview for branch <a href="seanturner-md-fix">seanturner-md-fix</a></h2>
-    <table id="branch-seanturner-md-fix">
-      <tr>
-        <td><a href="seanturner-md-fix/draft-ietf-lamps-kyber-certificates.html" class="html draft-ietf-lamps-kyber-certificates" title="Internet X.509 Public Key Infrastructure - Algorithm Identifiers for Kyber (HTML)">PQC Kyber in Certificates</a></td>
-        <td><a href="seanturner-md-fix/draft-ietf-lamps-kyber-certificates.txt" class="txt draft-ietf-lamps-kyber-certificates" title="Internet X.509 Public Key Infrastructure - Algorithm Identifiers for Kyber (Text)">plain text</a></td>
-        <td><a href="https://author-tools.ietf.org/api/iddiff?url_1=https://lamps-wg.github.io/kyber-certificates/draft-ietf-lamps-kyber-certificates.txt&amp;url_2=https://lamps-wg.github.io/kyber-certificates/seanturner-md-fix/draft-ietf-lamps-kyber-certificates.txt" class="diff draft-ietf-lamps-kyber-certificates">diff with main</a></td>
-      </tr>
-      <tr>
-        <td><a href="seanturner-md-fix/draft-turner-lamps-nist-pqc-kem-certificates.html" class="html draft-turner-lamps-nist-pqc-kem-certificates" title="Algorithm Identifiers for NIST's PQC Algorithms for Use in the Internet X.509 Public Key Infrastructure (HTML)">PQC KEM for Certificates</a></td>
-        <td><a href="seanturner-md-fix/draft-turner-lamps-nist-pqc-kem-certificates.txt" class="txt draft-turner-lamps-nist-pqc-kem-certificates" title="Algorithm Identifiers for NIST's PQC Algorithms for Use in the Internet X.509 Public Key Infrastructure (Text)">plain text</a></td>
-        <td><a href="https://author-tools.ietf.org/api/iddiff?url_1=https://lamps-wg.github.io/kyber-certificates/draft-turner-lamps-nist-pqc-kem-certificates.txt&amp;url_2=https://lamps-wg.github.io/kyber-certificates/seanturner-md-fix/draft-turner-lamps-nist-pqc-kem-certificates.txt" class="diff draft-turner-lamps-nist-pqc-kem-certificates">diff with main</a></td>
+        <td><a href="seanturner-name-change/draft-turner-lamps-nist-pqc-kem-certificates.html" class="html draft-turner-lamps-nist-pqc-kem-certificates" title="Algorithm Identifiers for NIST's PQC Algorithms for Use in the Internet X.509 Public Key Infrastructure (HTML)">PQC KEM for Certificates</a></td>
+        <td><a href="seanturner-name-change/draft-turner-lamps-nist-pqc-kem-certificates.txt" class="txt draft-turner-lamps-nist-pqc-kem-certificates" title="Algorithm Identifiers for NIST's PQC Algorithms for Use in the Internet X.509 Public Key Infrastructure (Text)">plain text</a></td>
+        <td><a href="https://author-tools.ietf.org/api/iddiff?url_1=https://lamps-wg.github.io/kyber-certificates/draft-turner-lamps-nist-pqc-kem-certificates.txt&amp;url_2=https://lamps-wg.github.io/kyber-certificates/seanturner-name-change/draft-turner-lamps-nist-pqc-kem-certificates.txt" class="diff draft-turner-lamps-nist-pqc-kem-certificates">diff with main</a></td>
       </tr>
     </table>
     <script>
diff --git a/seanturner-asides/draft-ietf-lamps-kyber-certificates.html b/seanturner-asides/draft-ietf-lamps-kyber-certificates.html
deleted file mode 100644
index 63e1820..0000000
--- a/seanturner-asides/draft-ietf-lamps-kyber-certificates.html
+++ /dev/null
@@ -1,1633 +0,0 @@
-<!DOCTYPE html>
-<html lang="en" class="Internet-Draft">
-<head>
-<meta charset="utf-8">
-<meta content="Common,Latin" name="scripts">
-<meta content="initial-scale=1.0" name="viewport">
-<title>Internet X.509 Public Key Infrastructure - Algorithm Identifiers for Kyber</title>
-<meta content="Sean Turner" name="author">
-<meta content="Panos Kampanakis" name="author">
-<meta content="Jake Massimo" name="author">
-<meta content="Bas Westerbaan" name="author">
-<meta content="
-       Kyber is a key-encapsulation mechanism (KEM). This document specifies
-algorithm identifiers and ASN.1 encoding format for Kyber in public
-key certificates. The encoding for public and private keys are also
-provided. 
-       \ [EDNOTE:
-This document is not expected to be finalized before the NIST PQC
-Project has standardized PQ algorithms. This specification will use
-object identifiers for the new algorithms that are assigned by NIST,
-and will use placeholders until these are released. 
-    " name="description">
-<meta content="xml2rfc 3.18.2" name="generator">
-<meta content="Kyber KEM Certificate X.509 PKIX" name="keyword">
-<meta content="draft-ietf-lamps-kyber-certificates-latest" name="ietf.draft">
-<!-- Generator version information:
-  xml2rfc 3.18.2
-    Python 3.11.6
-    ConfigArgParse 1.5.3
-    google-i18n-address 3.1.0
-    intervaltree 3.1.0
-    Jinja2 3.1.2
-    lxml 4.9.3
-    platformdirs 3.11.0
-    pycountry 22.3.5
-    PyYAML 6.0
-    requests 2.31.0
-    setuptools 67.7.2
-    six 1.16.0
-    wcwidth 0.2.8
--->
-<link href="draft-ietf-lamps-kyber-certificates.xml" rel="alternate" type="application/rfc+xml">
-<link href="#copyright" rel="license">
-<style type="text/css">@font-face {
-  font-family: 'Lora';
-  font-style: italic;
-  font-weight: 400;
-  font-display: swap;
-  src: local('Lora Italic'), local('Lora-Italic'), url('https://martinthomson.github.io/rfc-css/fonts/lora-italic-cyrillic-ext.woff2') format('woff2');
-  unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;
-}
-@font-face {
-  font-family: 'Lora';
-  font-style: italic;
-  font-weight: 400;
-  font-display: swap;
-  src: local('Lora Italic'), local('Lora-Italic'), url('https://martinthomson.github.io/rfc-css/fonts/lora-italic-cyrillic-ext.woff2') format('woff2');
-  unicode-range: U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;
-}
-@font-face {
-  font-family: 'Lora';
-  font-style: italic;
-  font-weight: 400;
-  font-display: swap;
-  src: local('Lora Italic'), local('Lora-Italic'), url('https://martinthomson.github.io/rfc-css/fonts/lora-italic-vietnamese.woff2') format('woff2');
-  unicode-range: U+0102-0103, U+0110-0111, U+1EA0-1EF9, U+20AB;
-}
-@font-face {
-  font-family: 'Lora';
-  font-style: italic;
-  font-weight: 400;
-  font-display: swap;
-  src: local('Lora Italic'), local('Lora-Italic'), url('https://martinthomson.github.io/rfc-css/fonts/lora-italic-latin-ext.woff2') format('woff2');
-  unicode-range: U+0100-024F, U+0259, U+1E00-1EFF, U+2020, U+20A0-20AB, U+20AD-20CF, U+2113, U+2C60-2C7F, U+A720-A7FF;
-}
-
-@font-face {
-  font-family: 'Lora';
-  font-style: italic;
-  font-weight: 400;
-  font-display: swap;
-  src: local('Lora Italic'), local('Lora-Italic'), url('https://martinthomson.github.io/rfc-css/fonts/lora-italic-latin.woff2') format('woff2');
-  unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;
-}
-@font-face {
-  font-family: 'Lora';
-  font-style: normal;
-  font-weight: 400;
-  font-display: swap;
-  src: local('Lora Regular'), local('Lora-Regular'), url('https://martinthomson.github.io/rfc-css/fonts/lora-regular-cyrillic-ext.woff2') format('woff2');
-  unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;
-}
-@font-face {
-  font-family: 'Lora';
-  font-style: normal;
-  font-weight: 400;
-  font-display: swap;
-  src: local('Lora Regular'), local('Lora-Regular'), url('https://martinthomson.github.io/rfc-css/fonts/lora-regular-cyrillic.woff2') format('woff2');
-  unicode-range: U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;
-}
-@font-face {
-  font-family: 'Lora';
-  font-style: normal;
-  font-weight: 400;
-  font-display: swap;
-  src: local('Lora Regular'), local('Lora-Regular'), url('https://martinthomson.github.io/rfc-css/fonts/lora-regular-vietnamese.woff2') format('woff2');
-  unicode-range: U+0102-0103, U+0110-0111, U+1EA0-1EF9, U+20AB;
-}
-@font-face {
-  font-family: 'Lora';
-  font-style: normal;
-  font-weight: 400;
-  font-display: swap;
-  src: local('Lora Regular'), local('Lora-Regular'), url('https://martinthomson.github.io/rfc-css/fonts/lora-regular-latin-ext.woff2') format('woff2');
-  unicode-range: U+0100-024F, U+0259, U+1E00-1EFF, U+2020, U+20A0-20AB, U+20AD-20CF, U+2113, U+2C60-2C7F, U+A720-A7FF;
-}
-@font-face {
-  font-family: 'Lora';
-  font-style: normal;
-  font-weight: 400;
-  font-display: swap;
-  src: local('Lora Regular'), local('Lora-Regular'), url('https://martinthomson.github.io/rfc-css/fonts/lora-regular-latin.woff2') format('woff2');
-  unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;
-}
-
-@font-face {
-  font-family: 'Lora';
-  font-style: normal;
-  font-weight: 700;
-  font-display: swap;
-  src: local('Lora Bold'), local('Lora-Bold'), url('https://martinthomson.github.io/rfc-css/fonts/lora-bold-cyrillic-ext.woff2') format('woff2');
-  unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;
-}
-@font-face {
-  font-family: 'Lora';
-  font-style: normal;
-  font-weight: 700;
-  font-display: swap;
-  src: local('Lora Bold'), local('Lora-Bold'), url('https://martinthomson.github.io/rfc-css/fonts/lora-bold-cyrillic.woff2') format('woff2');
-  unicode-range: U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;
-}
-@font-face {
-  font-family: 'Lora';
-  font-style: normal;
-  font-weight: 700;
-  font-display: swap;
-  src: local('Lora Bold'), local('Lora-Bold'), url('https://martinthomson.github.io/rfc-css/fonts/lora-bold-vietnamese.woff2') format('woff2');
-  unicode-range: U+0102-0103, U+0110-0111, U+1EA0-1EF9, U+20AB;
-}
-@font-face {
-  font-family: 'Lora';
-  font-style: normal;
-  font-weight: 700;
-  font-display: swap;
-  src: local('Lora Bold'), local('Lora-Bold'), url('https://martinthomson.github.io/rfc-css/fonts/lora-bold-latin-ext.woff2') format('woff2');
-  unicode-range: U+0100-024F, U+0259, U+1E00-1EFF, U+2020, U+20A0-20AB, U+20AD-20CF, U+2113, U+2C60-2C7F, U+A720-A7FF;
-}
-@font-face {
-  font-family: 'Lora';
-  font-style: normal;
-  font-weight: 700;
-  font-display: swap;
-  src: local('Lora Bold'), local('Lora-Bold'), url('https://martinthomson.github.io/rfc-css/fonts/lora-bold-latin.woff2') format('woff2');
-  unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;
-}
-@font-face {
-  font-family: 'Lora';
-  font-style: normal;
-  font-weight: 600;
-  font-display: swap;
-  src: local('Lora SemiBold'), local('Lora-SemiBold'), url('https://martinthomson.github.io/rfc-css/fonts/lora-semibold-latin.woff2') format('woff2');
-  unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;
-}
-
-@font-face {
-  font-family: 'Cabin Condensed';
-  font-style: normal;
-  font-weight: 600;
-  font-display: swap;
-  src: local('Cabin Condensed SemiBold'), local('CabinCondensed-SemiBold'), url('https://martinthomson.github.io/rfc-css/fonts/cabincondensed-semibold-vietnamese.woff2') format('woff2');
-  unicode-range: U+0102-0103, U+0110-0111, U+1EA0-1EF9, U+20AB;
-}
-@font-face {
-  font-family: 'Cabin Condensed';
-  font-style: normal;
-  font-weight: 600;
-  font-display: swap;
-  src: local('Cabin Condensed SemiBold'), local('CabinCondensed-SemiBold'), url('https://martinthomson.github.io/rfc-css/fonts/cabincondensed-semibold-latin-ext.woff2') format('woff2');
-  unicode-range: U+0100-024F, U+0259, U+1E00-1EFF, U+2020, U+20A0-20AB, U+20AD-20CF, U+2113, U+2C60-2C7F, U+A720-A7FF;
-}
-@font-face {
-  font-family: 'Cabin Condensed';
-  font-style: normal;
-  font-weight: 600;
-  font-display: swap;
-  src: local('Cabin Condensed SemiBold'), local('CabinCondensed-SemiBold'), url('https://martinthomson.github.io/rfc-css/fonts/cabincondensed-semibold-latin.woff2') format('woff2');
-  unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;
-}
-
-@font-face {
-  font-family: 'Oxygen Mono';
-  font-style: normal;
-  font-weight: 400;
-  font-display: swap;
-  src: local('Oxygen Mono'), local('OxygenMono-Regular'), url('https://martinthomson.github.io/rfc-css/fonts/oxygenmono-regular-latin-ext.woff2') format('woff2');
-  unicode-range: U+0100-024F, U+0259, U+1E00-1EFF, U+2020, U+20A0-20AB, U+20AD-20CF, U+2113, U+2C60-2C7F, U+A720-A7FF;
-}
-@font-face {
-  font-family: 'Oxygen Mono';
-  font-style: normal;
-  font-weight: 400;
-  font-display: swap;
-  src: local('Oxygen Mono'), local('OxygenMono-Regular'), url('https://martinthomson.github.io/rfc-css/fonts/oxygenmono-regular-latin.woff2') format('woff2');
-  unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;
-}
-
-:root {
-  color-scheme: light dark;
-  --background-color: #fff;
-  --text-color: #222;
-  --title-color: #191919;
-  --link-color: #2a6496;
-  --highlight-color: #f9f9f9;
-  --line-color: #eee;
-  --pilcrow-weak: #ddd;
-  --pilcrow-strong: #bbb;
-  --small-font-size: 14.5px;
-  --font-mono: 'Oxygen Mono', monospace;
-  scrollbar-color: #bbb #eee;
-}
-body {
-  max-width: 600px;
-  margin: 75px auto;
-  padding: 0 5px;
-  color: var(--text-color);
-  background-color: var(--background-color);
-  font: 16px/22px "Lora", serif;
-  scroll-behavior: smooth;
-}
-
-.ears {
-  display: none;
-}
-
-/* headings */
-h1, h2, h3, h4, h5, h6 {
-  font-family: "Cabin Condensed", sans-serif;
-  font-weight: 600;
-  margin: 0.8em 0 0.3em;
-  font-size-adjust: 0.5;
-  color: var(--title-color);
-}
-h1#title {
-  font-size: 32px;
-  line-height: 40px;
-  clear: both;
-}
-h1#title, h1#rfcnum {
-  margin: 1.5em 0 0.2em;
-}
-h1#rfcnum + h1#title {
-  margin: 0.2em 0;
-}
-
-h1, h2, h3 {
-  font-size: 22px;
-  line-height: 27px;
-}
-h4, h5, h6 {
-  font-size: 20px;
-  line-height: 24px;
-}
-
-/* general structure */
-.author {
-  padding-bottom: 0.3em;
-}
-#abstract+p {
-  font-size: 18px;
-  line-height: 24px;
-}
-#abstract+p code, #abstract+p samp, #abstract+p tt {
-  font-size: 16px;
-  line-height: 0;
-}
-
-p {
-  padding: 0;
-  margin: 0.5em 0;
-  text-align: left;
-}
-div {
-  margin: 0;
-}
-.alignRight.art-text {
-  background-color: var(--highlight-color);
-  border: 1px solid var(--line-color);
-  border-radius: 3px;
-  padding: 0.5em 1em 0;
-  margin-bottom: 0.5em;
-}
-.alignRight.art-text pre {
-  padding: 0;
-  width: auto;
-}
-.alignRight {
-  margin: 1em 0;
-}
-.alignRight > *:first-child {
-  border: none;
-  margin: 0;
-  float: right;
-  clear: both;
-}
-.alignRight > *:nth-child(2) {
-  clear: both;
-  display: block;
-  border: none;
-}
-svg {
-  display: block;
-}
-/* font-family isn't space-separated, but =~ will have to do */
-svg[font-family~="monospace" i], svg [font-family~="monospace" i] {
-  font-family: var(--font-mono);
-}
-.alignCenter.art-text {
-  background-color: var(--highlight-color);
-  border: 1px solid var(--line-color);
-  border-radius: 3px;
-  padding: 0.5em 1em 0;
-  margin-bottom: 0.5em;
-}
-.alignCenter.art-text pre {
-  padding: 0;
-  width: auto;
-}
-.alignCenter {
-  margin: 1em 0;
-}
-.alignCenter > *:first-child {
-  border: none;
-  /* this isn't optimal, but it's an existence proof.  PrinceXML doesn't
-     support flexbox yet.
-  */
-  display: table;
-  margin: 0 auto;
-}
-
-/* lists */
-ol, ul {
-  padding: 0;
-  margin: 0 0 0.5em 2em;
-}
-:is(ol, ul) :is(ol, ul) {
-  margin-left: 1em;
-}
-li {
-  margin: 0 0 0.25em 0;
-}
-.ulCompact li {
-  margin: 0;
-}
-ul.empty, .ulEmpty {
-  list-style-type: none;
-}
-ul.empty li, .ulEmpty li {
-  margin-top: 0.5em;
-}
-:is(ul, ol).compact, .ulCompact, .olCompact {
-  line-height: 1;
-  margin: 0 0 0 2em;
-}
-
-/* definition lists */
-dl {
-  clear: left;
-  --indent: 3ch;
-  /* --indent: attr(indent ch); not supported in any browser, but we can dream */
-}
-dl.olPercent {
-  --indent: 5ch;
-}
-dl > dt {
-  float: left;
-  margin-right: 2ch;
-  min-width: 8ch;
-}
-dl.dlNewline > dt {
-  float: none;
-}
-dl > dd {
-  margin-bottom: .8em;
-  margin-left: var(--indent) !important; /* stupid element overrides */
-  min-height: 2ex;
-}
-dl.olPercent > dt {
-  min-width: calc(var(--indent) - 2ch);
-}
-:is(dl.compact, .dlCompact) > dd {
-  margin-bottom: 0;
-}
-:is(dl.compact, .dlCompact) > dd > :is(:first-child, .break:first-child + *) {
-  margin-top: 0;
-}
-:is(dl.compact, .dlCompact) > dd > :is(:last-child) {
-  margin-bottom: 0;
-}
-dl > dd > dl {
-  margin-top: 0.5em;
-  margin-bottom: 0;
-}
-:is(dd, span).break {
-  display: none;
-}
-
-/* links */
-a, a[href].selfRef:hover {
-  text-decoration: none;
-}
-a[href] {
-  color: var(--link-color);
-}
-a[href].selfRef, .iref + a[href].internal {
-  color: var(--text-color);
-}
-a[href]:hover {
-  text-decoration: underline;
-}
-a[href].selfRef:hover {
-  background-color: var(--highlight-color);
-}
-a.xref:is(.cite, .auto), :is(#status-of-memo, #copyright) a {
-  white-space: nowrap;
-}
-
-/* Figures */
-tt, code, pre {
-  background-color: var(--highlight-color);
-  font: 14px/22px var(--font-mono);
-}
-tt, code {
-  /* changing the font for inline elements leads to different ascender
-     and descender heights; as we want to retain baseline alignment,
-     remove leading to avoid altering the final height of lines
-     note: this fails if these blocks take an entire line,
-     a different solution would be great */
-  line-height: 0;
-}
-:is(h1, h2, h3, h4, h5, h6) :is(tt, code) {
-  font-size: 84%;
-}
-pre {
-  border: 1px solid var(--line-color);
-  font-size: 13.5px;
-  line-height: 16px;
-  letter-spacing: -0.2px;
-  margin: 5px;
-  padding: 5px;
-}
-img {
-  max-width: 100%;
-}
-figure {
-  margin: 0.5em 0;
-  padding: 0;
-}
-figure blockquote {
-  margin: 0.8em 0.4em 0.4em;
-}
-figcaption, caption {
-  font-style: italic;
-  margin: 0.5em 1.5em;
-  text-align: left;
-}
-@media screen {
-  /* Auto-collapse boilerplate. */
-  :is(#status-of-memo, #copyright) p {
-    margin: -2px 0;
-    max-height: 0;
-    transition: max-height 2s ease, margin 0.5s ease 0.5s;
-    overflow: hidden;
-  }
-  :is(#status-of-memo, #copyright):hover p,
-  :is(#status-of-memo, #copyright) h2:target ~ p {
-    margin: 0.5em 0;
-    max-height: 500px;
-    overflow: auto;
-  }
-  pre, svg {
-    display: inline-block;
-    overflow-x: auto;
-  }
-  pre {
-    max-width: 100%;
-    width: calc(100% - 22px - 1em);
-  }
-  svg {
-    max-width: calc(100% - 22px - 1em);
-  }
-  figure pre {
-    display: block;
-    width: calc(100% - 25px);
-  }
-  :is(pre, svg) + .pilcrow {
-    display: inline-block;
-    vertical-align: text-bottom;
-    padding-bottom: 8px;
-  }
-}
-
-/* aside, blockquote */
-aside, blockquote {
-  margin-left: 0;
-  padding: 0 2em;
-  font-style: italic;
-}
-blockquote {
-  margin: 1em 0;
-}
-cite {
-  display: block;
-  text-align: right;
-  font-style: italic;
-}
-
-/* tables */
-table {
-  max-width: 100%;
-  margin: 0 0 1em;
-  border-collapse: collapse;
-}
-table.right {
-  margin-left: auto;
-}
-table.center {
-  margin-left: auto;
-  margin-right: auto;
-}
-table.left {
-  margin-right: auto;
-}
-thead, tbody {
-  border: 1px solid var(--line-color);
-}
-th, td {
-  text-align: left;
-  vertical-align: top;
-  padding: 5px 10px;
-}
-th {
-  background-color: var(--line-color);
-}
-:is(tr:nth-child(2n), thead+tbody > tr:nth-child(2n+1)) > td {
-  background-color: var(--background-color);
-}
-:is(tr:nth-child(2n+1), thead+tbody > tr:nth-child(2n)) > td {
-  background-color: var(--highlight-color);
-}
-table caption {
-  margin: 0;
-  padding: 3px 0 3px 1em;
-}
-table p {
-  margin: 0;
-}
-
-/* pilcrow */
-a.pilcrow {
-  margin-left: 3px;
-  opacity: 0.2;
-  user-select: none;
-}
-a.pilcrow[href] { color: var(--pilcrow-weak); }
-a.pilcrow[href]:hover { text-decoration: none; }
-@media not print {
-  :hover > a.pilcrow {
-    opacity: 1;
-  }
-  a.pilcrow[href]:hover {
-    color: var(--pilcrow-strong);
-    background-color: transparent;
-  }
-}
-@media print {
-  a.pilcrow {
-    display: none;
-  }
-}
-
-/* misc */
-hr {
-  border: 0;
-  border-top: 1px solid var(--line-color);
-}
-.bcp14 {
-  font-variant: small-caps;
-  font-weight: 600;
-  font-size: var(--small-font-size);
-}
-.role {
-  font-variant: all-small-caps;
-}
-sub, sup {
-  line-height: 1;
-  font-size: 80%;
-}
-
-/* info block */
-#identifiers {
-  margin: 0;
-  font-size: var(--small-font-size);
-  line-height: 18px;
-  --identifier-width: 15ch;
-}
-#identifiers dt {
-  width: var(--identifier-width);
-  min-width: var(--identifier-width);
-  clear: left;
-  float: left;
-  text-align: right;
-  margin-right: 1ch;
-}
-#identifiers dd {
-  margin: 0;
-  margin-left: calc(1em + var(--identifier-width)) !important;
-  min-width: 5em;
-}
-#identifiers .authors .author {
-  display: inline-block;
-  margin-right: 1.5em;
-}
-#identifiers .authors .org {
-  font-style: italic;
-}
-
-/* The prepared/rendered info at the very bottom of the page */
-.docInfo {
-  color: #999;
-  font-size: 0.9em;
-  font-style: italic;
-  margin-top: 2em;
-}
-.docInfo .prepared {
-  float: left;
-}
-.docInfo .prepared {
-  float: right;
-}
-
-/* table of contents */
-#toc {
-  padding: 0.75em 0 2em 0;
-  margin-bottom: 1em;
-}
-#toc nav ul {
-  margin: 0 0.5em 0 0;
-  padding: 0;
-  list-style: none;
-}
-#toc nav li {
-  line-height: 1.3em;
-  margin: 2px 0;
-  padding-left: 1.2em;
-  text-indent: -1.2em;
-}
-#toc a.xref {
-  white-space: normal;
-}
-/* references */
-.references dt {
-  text-align: right;
-  font-weight: bold;
-  min-width: 10ch;
-  margin-right: 1.5ch;
-}
-.references dt:target::before {
-  content: "⇒";
-  width: 15px;
-  margin: 0 10px 0 -25px;
-}
-.references dd {
-  margin-left: 12ch !important;
-  overflow: auto;
-}
-
-.refInstance {
-  margin-bottom: 1.25em;
-}
-
-.references .ascii {
-  margin-bottom: 0.25em;
-}
-
-/* index */
-#rfc\.index\.index + ul {
-  margin-left: 0;
-}
-
-/* authors */
-address.vcard {
-  font-style: normal;
-  margin: 1em 0;
-}
-address.vcard .nameRole {
-  font-weight: 700;
-  margin-left: 0;
-}
-address.vcard .label {
-  margin: 0.5em 0;
-}
-address.vcard .type {
-  display: none;
-}
-.alternative-contact {
-  margin: 1.5em 0 1em;
-}
-hr.addr {
-  border-top: 1px dashed;
-  margin: 0;
-  color: #ddd;
-  max-width: calc(100% - 16px);
-}
-@media (min-width: 500px) {
-  #authors-addresses > section {
-    column-count: 2;
-    column-gap: 20px;
-  }
-  #authors-addresses > section > h2 {
-    column-span: all;
-  }
-  /* hack for break-inside: avoid-column */
-  #authors-addresses address {
-    display: inline-block;
-    break-inside: avoid-column;
-  }
-}
-
-.rfcEditorRemove p:first-of-type {
-  font-style: italic;
-}
-.cref {
-  background-color: rgba(249, 232, 105, 0.3);
-  padding: 2px 4px;
-}
-.crefSource {
-  font-style: italic;
-}
-/* alternative layout for smaller screens */
-@media screen and (max-width: 929px) {
-  #toc {
-    position: fixed;
-    z-index: 2;
-    top: 0;
-    right: 0;
-    padding: 1px 0 0 0;
-    margin: 0;
-    border-bottom: 1px solid #ccc;
-    opacity: 0.6;
-  }
-  #toc.active {
-      opacity: 1;
-  }
-  #toc h2 {
-    margin: 0;
-    padding: 2px 0 2px 6px;
-    padding-right: 1em;
-    font-size: 18px;
-    line-height: 24px;
-    min-width: 190px;
-    text-align: right;
-    background-color: #444;
-    color: white;
-    cursor: pointer;
-  }
-  #toc h2::before { /* css hamburger */
-    float: right;
-    position: relative;
-    width: 1em;
-    height: 1px;
-    left: -164px;
-    margin: 8px 0 0 0;
-    background: white none repeat scroll 0 0;
-    box-shadow: 0 4px 0 0 white, 0 8px 0 0 white;
-    content: "";
-  }
-  #toc nav {
-    display: none;
-    background-color: var(--background-color);
-    padding: 0.5em 1em 1em;
-    overflow: auto;
-    overscroll-behavior: contain;
-    height: calc(100vh - 48px);
-    border-left: 1px solid #ddd;
-  }
-  #toc.active nav {
-    display: block;
-  }
-  /* Make the collapsed ToC header render white on gray also when it's a link */
-  #toc h2 a,
-  #toc h2 a:link,
-  #toc h2 a:focus,
-  #toc h2 a:hover,
-  #toc a.toplink,
-  #toc a.toplink:hover {
-    color: white;
-    background-color: #444;
-    text-decoration: none;
-  }
-  #toc a.toplink {
-    margin-top: 2px;
-  }
-}
-
-/* alternative layout for wide screens */
-@media screen and (min-width: 930px) {
-  body {
-    padding-right: 360px;
-    padding-right: calc(min(180px + 20%, 500px));
-  }
-  #toc {
-    position: fixed;
-    bottom: 0;
-    right: 0;
-    right: calc(50vw - 480px);
-    width: 312px;
-    margin: 0;
-    padding: 0;
-    z-index: 1;
-  }
-  #toc h2 {
-    margin: 0;
-    padding: 0.25em 1em 1em 0;
-  }
-  #toc nav {
-    display: block;
-    height: calc(90vh - 84px);
-    bottom: 0;
-    padding: 0.5em 0 2em;
-    overflow: auto;
-    overscroll-behavior: contain;
-    scrollbar-width: thin;
-  }
-  #toc nav > ul  {
-    margin-bottom: 2em;
-  }
-  #toc ul {
-    margin: 0 0 0 4px;
-    font-size: var(--small-font-size);
-  }
-  #toc ul :is(p, li) {
-    margin: 2px 0;
-    line-height: 22px;
-  }
-  img { /* future proofing */
-    max-width: 100%;
-    height: auto;
-  }
-}
-
-/* pagination */
-@media print {
-  body {
-    width: 100%;
-  }
-  p {
-    orphans: 3;
-    widows: 3;
-  }
-  #n-copyright-notice {
-    border-bottom: none;
-  }
-  #toc, #n-introduction {
-    page-break-before: always;
-  }
-  #toc {
-    border-top: none;
-    padding-top: 0;
-  }
-  figure, pre, .vcard {
-    page-break-inside: avoid;
-  }
-  h1, h2, h3, h4, h5, h6 {
-    page-break-after: avoid;
-  }
-  :is(h2, h3, h4, h5, h6)+*, dd {
-    page-break-before: avoid;
-  }
-  pre {
-    white-space: pre-wrap;
-    word-wrap: break-word;
-    font-size: 10pt;
-  }
-  table {
-    border: 1px solid #ddd;
-  }
-  td {
-    border-top: 1px solid #ddd;
-  }
-  .toplink {
-    display: none;
-  }
-}
-
-@page :first {
-  padding-top: 0;
-  @top-left {
-    content: normal;
-    border: none;
-  }
-  @top-center {
-    content: normal;
-    border: none;
-  }
-  @top-right {
-    content: normal;
-    border: none;
-  }
-}
-
-@page {
-  size: A4;
-  margin-bottom: 45mm;
-  padding-top: 20px;
-}
-
-/* Changes introduced to fix issues found during implementation */
-
-/* Separate body from document info even without intervening H1 */
-section {
-  clear: both;
-}
-
-/* Top align author divs, to avoid names without organization dropping level with org names */
-.author {
-  vertical-align: top;
-}
-
-/* Style section numbers with more space between number and title */
-.section-number {
-  padding-right: 0.5em;
-}
-
-/* Add styling for a link in the ToC that points to the top of the document */
-a.toplink {
-  float: right;
-  margin: 8px 0.5em 0;
-}
-
-/* Provide styling for table cell text alignment */
-table .text-left {
-  text-align: left;
-}
-table .text-center {
-  text-align: center;
-}
-table .text-right {
-  text-align: right;
-}
-
-/* Make the alternative author contact information look less like just another
-   author, and group it closer with the primary author contact information */
-.alternative-contact {
-  margin: 0.5em 0 0.25em 0;
-}
-address .non-ascii {
-  margin: 0 0 0 2em;
-}
-
-/* With it being possible to set tables with alignment
-  left, center, and right, { width: 100%; } does not make sense */
-table {
-  width: auto;
-}
-
-/* Avoid reference text that sits in a block with very wide left margin,
-   because of a long floating dt label.*/
-.references dd {
-  overflow: visible;
-}
-
-/* Control caption placement */
-caption {
-  caption-side: bottom;
-}
-
-/* Limit the width of the author address vcard, so names in right-to-left
-   script don't end up on the other side of the page. */
-
-address.vcard {
-  max-width: 20em;
-  margin-right: auto;
-}
-
-/* For address alignment dependent on LTR or RTL scripts */
-address div.left {
-  text-align: left;
-}
-address div.right {
-  text-align: right;
-}
-
-/* Dark mode. */
-@media (prefers-color-scheme: dark) {
-:root {
-  --background-color: #121212;
-  --text-color: #f0f0f0;
-  --title-color: #fff;
-  --link-color: #4da4f0;
-  --highlight-color: #282828;
-  --line-color: #444;
-  --pilcrow-weak: #444;
-  --pilcrow-strong: #666;
-  scrollbar-color: #777 #333;
-}
-}
-
-/* SVG Trick: a prefix match works because only black and white are allowed */
-svg :is([stroke="black"], [stroke^="#000"]) {
-  stroke: var(--text-color);
-}
-svg :is([stroke="white"], [stroke^="#fff"]) {
-  stroke: var(--background-color);
-}
-svg :is([fill="black"], [fill^="#000"], :not([fill])) {
-  fill: var(--text-color);
-}
-svg :is([fill="white"], [fill^="#fff"]) {
-  fill: var(--background-color);
-}
-</style>
-
-</head>
-<body class="xml2rfc">
-<table class="ears">
-<thead><tr>
-<td class="left">Internet-Draft</td>
-<td class="center">PQC Kyber in Certificates</td>
-<td class="right">October 2023</td>
-</tr></thead>
-<tfoot><tr>
-<td class="left">Turner, et al.</td>
-<td class="center">Expires 25 April 2024</td>
-<td class="right">[Page]</td>
-</tr></tfoot>
-</table>
-<div id="external-metadata" class="document-information"></div>
-<div id="internal-metadata" class="document-information">
-<dl id="identifiers">
-<dt class="label-workgroup">Workgroup:</dt>
-<dd class="workgroup">LAMPS</dd>
-<dt class="label-internet-draft">Internet-Draft:</dt>
-<dd class="internet-draft">draft-ietf-lamps-kyber-certificates-latest</dd>
-<dt class="label-published">Published:</dt>
-<dd class="published">
-<time datetime="2023-10-23" class="published">23 October 2023</time>
-    </dd>
-<dt class="label-intended-status">Intended Status:</dt>
-<dd class="intended-status">Standards Track</dd>
-<dt class="label-expires">Expires:</dt>
-<dd class="expires"><time datetime="2024-04-25">25 April 2024</time></dd>
-<dt class="label-authors">Authors:</dt>
-<dd class="authors">
-<div class="author">
-      <div class="author-name">S. Turner</div>
-<div class="org">sn3rd</div>
-</div>
-<div class="author">
-      <div class="author-name">P. Kampanakis</div>
-<div class="org">AWS</div>
-</div>
-<div class="author">
-      <div class="author-name">J. Massimo</div>
-<div class="org">AWS</div>
-</div>
-<div class="author">
-      <div class="author-name">B. Westerbaan</div>
-<div class="org">Cloudflare</div>
-</div>
-</dd>
-</dl>
-</div>
-<h1 id="title">Internet X.509 Public Key Infrastructure - Algorithm Identifiers for Kyber</h1>
-<section id="section-abstract">
-      <h2 id="abstract"><a href="#abstract" class="selfRef">Abstract</a></h2>
-<p id="section-abstract-1">Kyber is a key-encapsulation mechanism (KEM). This document specifies
-algorithm identifiers and ASN.1 encoding format for Kyber in public
-key certificates. The encoding for public and private keys are also
-provided.<a href="#section-abstract-1" class="pilcrow">¶</a></p>
-<p id="section-abstract-2">\ [EDNOTE:
-This document is not expected to be finalized before the NIST PQC
-Project has standardized PQ algorithms. This specification will use
-object identifiers for the new algorithms that are assigned by NIST,
-and will use placeholders until these are released.<a href="#section-abstract-2" class="pilcrow">¶</a></p>
-</section>
-<section class="note rfcEditorRemove" id="section-note.1">
-      <h2 id="name-about-this-document">
-<a href="#name-about-this-document" class="section-name selfRef">About This Document</a>
-      </h2>
-<p id="section-note.1-1">This note is to be removed before publishing as an RFC.<a href="#section-note.1-1" class="pilcrow">¶</a></p>
-<p id="section-note.1-2">
-        The latest revision of this draft can be found at <span><a href="https://lamps-wg.github.io/kyber-certificates/#go.draft-ietf-lamps-kyber-certificates.html">https://lamps-wg.github.io/kyber-certificates/#go.draft-ietf-lamps-kyber-certificates.html</a></span>.
-        Status information for this document may be found at <span><a href="https://datatracker.ietf.org/doc/draft-ietf-lamps-kyber-certificates/">https://datatracker.ietf.org/doc/draft-ietf-lamps-kyber-certificates/</a></span>.<a href="#section-note.1-2" class="pilcrow">¶</a></p>
-<p id="section-note.1-3">
-        Discussion of this document takes place on the
-        Limited Additional Mechanisms for PKIX and SMIME (lamps) Working Group mailing list (<span><a href="mailto:spasm@ietf.org">mailto:spasm@ietf.org</a></span>),
-        which is archived at <span><a href="https://mailarchive.ietf.org/arch/browse/spasm/">https://mailarchive.ietf.org/arch/browse/spasm/</a></span>.
-        Subscribe at <span><a href="https://www.ietf.org/mailman/listinfo/spasm/">https://www.ietf.org/mailman/listinfo/spasm/</a></span>.<a href="#section-note.1-3" class="pilcrow">¶</a></p>
-<p id="section-note.1-4">Source for this draft and an issue tracker can be found at
-        <span><a href="https://github.com/lamps-wg/kyber-certificates">https://github.com/lamps-wg/kyber-certificates</a></span>.<a href="#section-note.1-4" class="pilcrow">¶</a></p>
-</section>
-<div id="status-of-memo">
-<section id="section-boilerplate.1">
-        <h2 id="name-status-of-this-memo">
-<a href="#name-status-of-this-memo" class="section-name selfRef">Status of This Memo</a>
-        </h2>
-<p id="section-boilerplate.1-1">
-        This Internet-Draft is submitted in full conformance with the
-        provisions of BCP 78 and BCP 79.<a href="#section-boilerplate.1-1" class="pilcrow">¶</a></p>
-<p id="section-boilerplate.1-2">
-        Internet-Drafts are working documents of the Internet Engineering Task
-        Force (IETF). Note that other groups may also distribute working
-        documents as Internet-Drafts. The list of current Internet-Drafts is
-        at <span><a href="https://datatracker.ietf.org/drafts/current/">https://datatracker.ietf.org/drafts/current/</a></span>.<a href="#section-boilerplate.1-2" class="pilcrow">¶</a></p>
-<p id="section-boilerplate.1-3">
-        Internet-Drafts are draft documents valid for a maximum of six months
-        and may be updated, replaced, or obsoleted by other documents at any
-        time. It is inappropriate to use Internet-Drafts as reference
-        material or to cite them other than as "work in progress."<a href="#section-boilerplate.1-3" class="pilcrow">¶</a></p>
-<p id="section-boilerplate.1-4">
-        This Internet-Draft will expire on 25 April 2024.<a href="#section-boilerplate.1-4" class="pilcrow">¶</a></p>
-</section>
-</div>
-<div id="copyright">
-<section id="section-boilerplate.2">
-        <h2 id="name-copyright-notice">
-<a href="#name-copyright-notice" class="section-name selfRef">Copyright Notice</a>
-        </h2>
-<p id="section-boilerplate.2-1">
-            Copyright (c) 2023 IETF Trust and the persons identified as the
-            document authors. All rights reserved.<a href="#section-boilerplate.2-1" class="pilcrow">¶</a></p>
-<p id="section-boilerplate.2-2">
-            This document is subject to BCP 78 and the IETF Trust's Legal
-            Provisions Relating to IETF Documents
-            (<span><a href="https://trustee.ietf.org/license-info">https://trustee.ietf.org/license-info</a></span>) in effect on the date of
-            publication of this document. Please review these documents
-            carefully, as they describe your rights and restrictions with
-            respect to this document. Code Components extracted from this
-            document must include Revised BSD License text as described in
-            Section 4.e of the Trust Legal Provisions and are provided without
-            warranty as described in the Revised BSD License.<a href="#section-boilerplate.2-2" class="pilcrow">¶</a></p>
-</section>
-</div>
-<div id="toc">
-<section id="section-toc.1">
-        <a href="#" onclick="scroll(0,0)" class="toplink">▲</a><h2 id="name-table-of-contents">
-<a href="#name-table-of-contents" class="section-name selfRef">Table of Contents</a>
-        </h2>
-<nav class="toc"><ul class="compact toc ulBare ulEmpty">
-<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.1">
-            <p id="section-toc.1-1.1.1" class="keepWithNext"><a href="#section-1" class="auto internal xref">1</a>.  <a href="#name-introduction" class="internal xref">Introduction</a></p>
-<ul class="compact toc ulBare ulEmpty">
-<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.1.2.1">
-                <p id="section-toc.1-1.1.2.1.1" class="keepWithNext"><a href="#section-1.1" class="auto internal xref">1.1</a>.  <a href="#name-asn1-and-kyber-identifiers" class="internal xref">ASN.1 and Kyber Identifiers</a></p>
-</li>
-              <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.1.2.2">
-                <p id="section-toc.1-1.1.2.2.1" class="keepWithNext"><a href="#section-1.2" class="auto internal xref">1.2</a>.  <a href="#name-applicability-statement" class="internal xref">Applicability Statement</a></p>
-</li>
-            </ul>
-</li>
-          <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.2">
-            <p id="section-toc.1-1.2.1"><a href="#section-2" class="auto internal xref">2</a>.  <a href="#name-conventions-and-definitions" class="internal xref">Conventions and Definitions</a></p>
-</li>
-          <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.3">
-            <p id="section-toc.1-1.3.1"><a href="#section-3" class="auto internal xref">3</a>.  <a href="#name-algorithm-identifiers" class="internal xref">Algorithm Identifiers</a></p>
-</li>
-          <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.4">
-            <p id="section-toc.1-1.4.1"><a href="#section-4" class="auto internal xref">4</a>.  <a href="#name-kyber-public-key-identifier" class="internal xref">Kyber Public Key Identifiers</a></p>
-</li>
-          <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.5">
-            <p id="section-toc.1-1.5.1"><a href="#section-5" class="auto internal xref">5</a>.  <a href="#name-subject-public-key-fields" class="internal xref">Subject Public Key Fields</a></p>
-</li>
-          <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.6">
-            <p id="section-toc.1-1.6.1"><a href="#section-6" class="auto internal xref">6</a>.  <a href="#name-private-key-format" class="internal xref">Private Key Format</a></p>
-</li>
-          <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.7">
-            <p id="section-toc.1-1.7.1"><a href="#section-7" class="auto internal xref">7</a>.  <a href="#name-asn1-module" class="internal xref">ASN.1 Module</a></p>
-</li>
-          <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.8">
-            <p id="section-toc.1-1.8.1"><a href="#section-8" class="auto internal xref">8</a>.  <a href="#name-security-considerations" class="internal xref">Security Considerations</a></p>
-</li>
-          <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.9">
-            <p id="section-toc.1-1.9.1"><a href="#section-9" class="auto internal xref">9</a>.  <a href="#name-iana-considerations" class="internal xref">IANA Considerations</a></p>
-</li>
-          <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.10">
-            <p id="section-toc.1-1.10.1"><a href="#section-10" class="auto internal xref">10</a>. <a href="#name-references" class="internal xref">References</a></p>
-<ul class="compact toc ulBare ulEmpty">
-<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.10.2.1">
-                <p id="section-toc.1-1.10.2.1.1"><a href="#section-10.1" class="auto internal xref">10.1</a>.  <a href="#name-normative-references" class="internal xref">Normative References</a></p>
-</li>
-              <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.10.2.2">
-                <p id="section-toc.1-1.10.2.2.1"><a href="#section-10.2" class="auto internal xref">10.2</a>.  <a href="#name-informative-references" class="internal xref">Informative References</a></p>
-</li>
-            </ul>
-</li>
-          <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.11">
-            <p id="section-toc.1-1.11.1"><a href="#appendix-A" class="auto internal xref"></a><a href="#name-acknowledgments" class="internal xref">Acknowledgments</a></p>
-</li>
-          <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.12">
-            <p id="section-toc.1-1.12.1"><a href="#appendix-B" class="auto internal xref"></a><a href="#name-authors-addresses" class="internal xref">Authors' Addresses</a></p>
-</li>
-        </ul>
-</nav>
-</section>
-</div>
-<div id="introduction">
-<section id="section-1">
-      <h2 id="name-introduction">
-<a href="#section-1" class="section-number selfRef">1. </a><a href="#name-introduction" class="section-name selfRef">Introduction</a>
-      </h2>
-<p id="section-1-1">Kyber is a key-encapsulation mechanism (KEM) standardized by the US NIST
-PQC Project <span>[<a href="#PQCProj" class="cite xref">PQCProj</a>]</span>. This document specifies the use of the Kyber
-algorithm at three security levels: Kyber512, Kyber768, and Kyber1024,
-in X.509 public key certificates; see <span>[<a href="#RFC5280" class="cite xref">RFC5280</a>]</span>. Public and private
-key encodings are also specified.<a href="#section-1-1" class="pilcrow">¶</a></p>
-<div id="asn1-and-kyber-identifiers">
-<section id="section-1.1">
-        <h3 id="name-asn1-and-kyber-identifiers">
-<a href="#section-1.1" class="section-number selfRef">1.1. </a><a href="#name-asn1-and-kyber-identifiers" class="section-name selfRef">ASN.1 and Kyber Identifiers</a>
-        </h3>
-<p id="section-1.1-1">An ASN.1 module <span>[<a href="#X680" class="cite xref">X680</a>]</span> is included for reference purposes. Note that
-as per <span>[<a href="#RFC5280" class="cite xref">RFC5280</a>]</span>, certificates use the Distinguished Encoding Rules;
-see <span>[<a href="#X690" class="cite xref">X690</a>]</span>. Also note that NIST defined the object identifiers for
-the Kyber algorithms in an ASN.1 modulle; see (TODO insert reference).<a href="#section-1.1-1" class="pilcrow">¶</a></p>
-</section>
-</div>
-<div id="applicability-statement">
-<section id="section-1.2">
-        <h3 id="name-applicability-statement">
-<a href="#section-1.2" class="section-number selfRef">1.2. </a><a href="#name-applicability-statement" class="section-name selfRef">Applicability Statement</a>
-        </h3>
-<p id="section-1.2-1">Kyber certificates are used in protocols where the public key is used to
-generate and encapsulate a shared secret used to derive a symmetric key used to
-encrypt a payload; see <span>[<a href="#I-D.ietf-lamps-kyber" class="cite xref">I-D.ietf-lamps-kyber</a>]</span>. To be used in
-TLS, Kyber certificates could only be used as end-entity identity
-certificates and would require significant updates to the protocol; see
-<span>[<a href="#I-D.celi-wiggers-tls-authkem" class="cite xref">I-D.celi-wiggers-tls-authkem</a>]</span>.<a href="#section-1.2-1" class="pilcrow">¶</a></p>
-</section>
-</div>
-</section>
-</div>
-<div id="conventions-and-definitions">
-<section id="section-2">
-      <h2 id="name-conventions-and-definitions">
-<a href="#section-2" class="section-number selfRef">2. </a><a href="#name-conventions-and-definitions" class="section-name selfRef">Conventions and Definitions</a>
-      </h2>
-<p id="section-2-1">The key words "<span class="bcp14">MUST</span>", "<span class="bcp14">MUST NOT</span>", "<span class="bcp14">REQUIRED</span>", "<span class="bcp14">SHALL</span>", "<span class="bcp14">SHALL NOT</span>", "<span class="bcp14">SHOULD</span>", "<span class="bcp14">SHOULD NOT</span>", "<span class="bcp14">RECOMMENDED</span>", "<span class="bcp14">NOT RECOMMENDED</span>",
-"<span class="bcp14">MAY</span>", and "<span class="bcp14">OPTIONAL</span>" in this document are to be interpreted as
-described in BCP 14 <span>[<a href="#RFC2119" class="cite xref">RFC2119</a>]</span> <span>[<a href="#RFC8174" class="cite xref">RFC8174</a>]</span> when, and only when, they
-appear in all capitals, as shown here.<a href="#section-2-1" class="pilcrow">¶</a></p>
-</section>
-</div>
-<div id="algorithm-identifiers">
-<section id="section-3">
-      <h2 id="name-algorithm-identifiers">
-<a href="#section-3" class="section-number selfRef">3. </a><a href="#name-algorithm-identifiers" class="section-name selfRef">Algorithm Identifiers</a>
-      </h2>
-<p id="section-3-1">Certificates conforming to <span>[<a href="#RFC5280" class="cite xref">RFC5280</a>]</span> can convey a public key for any
-public key algorithm. The certificate indicates the algorithm through
-an algorithm identifier. An algorithm identifier consists of an object
-identifier and optional parameters.<a href="#section-3-1" class="pilcrow">¶</a></p>
-<p id="section-3-2">The AlgorithmIdentifier type, which is included herein for convenience,
-is defined as follows:<a href="#section-3-2" class="pilcrow">¶</a></p>
-<div class="alignLeft art-text artwork" id="section-3-3">
-<pre>
-  AlgorithmIdentifier{ALGORITHM-TYPE, ALGORITHM-TYPE:AlgorithmSet} ::=
-    SEQUENCE {
-      algorithm   ALGORITHM-TYPE.&amp;id({AlgorithmSet}),
-      parameters  ALGORITHM-TYPE.
-                    &amp;Params({AlgorithmSet}{@algorithm}) OPTIONAL
-    }
-</pre><a href="#section-3-3" class="pilcrow">¶</a>
-</div>
-<aside id="section-3-4">
-        <p id="section-3-4.1">: The above syntax is from <span>[<a href="#RFC5912" class="cite xref">RFC5912</a>]</span> and is compatible with the
-  2021 ASN.1 syntax <span>[<a href="#X680" class="cite xref">X680</a>]</span>.<a href="#section-3-4.1" class="pilcrow">¶</a></p>
-</aside>
-<p id="section-3-5">The fields in AlgorithmIdentifier have the following meanings:<a href="#section-3-5" class="pilcrow">¶</a></p>
-<ul class="normal">
-<li class="normal" id="section-3-6.1">
-          <p id="section-3-6.1.1">algorithm identifies the cryptographic algorithm with an object
-identifier.<a href="#section-3-6.1.1" class="pilcrow">¶</a></p>
-</li>
-        <li class="normal" id="section-3-6.2">
-          <p id="section-3-6.2.1">parameters, which are optional, are the associated parameters for
-the algorithm identifier in the algorithm field.<a href="#section-3-6.2.1" class="pilcrow">¶</a></p>
-</li>
-      </ul>
-<p id="section-3-7"><a href="#Kyber-TBD1" class="auto internal xref">Section 4</a> includes object identifiers for Kyber-512, Kyber-768, and
-Kyber-1024. For all of these OIDs, the parameters <span class="bcp14">MUST</span> be absent.<a href="#section-3-7" class="pilcrow">¶</a></p>
-<aside id="section-3-8">
-        <p id="section-3-8.1">: It is possible to find systems that require the parameters to be
-  present. This can be due to either a defect in the original 1997
-  syntax or a programming error where developers never got input where
-  this was not true. The optimal solution is to fix these systems;
-  where this is not possible, the problem needs to be restricted to
-  that subsystem and not propagated to the Internet.<a href="#section-3-8.1" class="pilcrow">¶</a></p>
-</aside>
-</section>
-</div>
-<div id="Kyber-TBD1">
-<section id="section-4">
-      <h2 id="name-kyber-public-key-identifier">
-<a href="#section-4" class="section-number selfRef">4. </a><a href="#name-kyber-public-key-identifier" class="section-name selfRef">Kyber Public Key Identifiers</a>
-      </h2>
-<p id="section-4-1">The AlgorithmIdentifier for a Kyber public key <span class="bcp14">MUST</span> use one of the
-id-alg-kyber object identifiers listed below, based on the security
-level. The parameters field of the AlgorithmIdentifier for the Kyber
-public key <span class="bcp14">MUST</span> be absent.<a href="#section-4-1" class="pilcrow">¶</a></p>
-<p id="section-4-2">When any of the Kyber AlgorithmIdentifier appears in the
-SubjectPublicKeyInfo field of an X.509 certificate, the key usage
-certificate extension <span class="bcp14">MUST</span> only contain keyEncipherment
-<span><a href="https://rfc-editor.org/rfc/rfc5280#section-4.2.1.3" class="relref">Section 4.2.1.3</a> of [<a href="#RFC5280" class="cite xref">RFC5280</a>]</span>.<a href="#section-4-2" class="pilcrow">¶</a></p>
-<div class="alignLeft art-text artwork" id="section-4-3">
-<pre>
-  pk-kyber-512 PUBLIC-KEY ::= {
-    IDENTIFIER id-alg-kyber-512
-    -- KEY no ASN.1 wrapping --
-    PARAMS ARE absent
-    CERT-KEY-USAGE
-      { keyEncipherment }
-    --- PRIVATE-KEY no ASN.1 wrapping --
-    }
-
-  pk-kyber-768 PUBLIC-KEY ::= {
-    IDENTIFIER id-alg-kyber-768
-    -- KEY no ASN.1 wrapping --
-    PARAMS ARE absent
-    CERT-KEY-USAGE
-      { keyEncipherment }
-    --- PRIVATE-KEY no ASN.1 wrapping --
-    }
-
-  pk-kyber-1024 PUBLIC-KEY ::= {
-    IDENTIFIER id-alg-kyber-1024
-    -- KEY no ASN.1 wrapping --
-    PARAMS ARE absent
-    CERT-KEY-USAGE
-      { keyEncipherment }
-    --- PRIVATE-KEY no ASN.1 wrapping --
-    }
-</pre><a href="#section-4-3" class="pilcrow">¶</a>
-</div>
-<aside id="section-4-4">
-        <p id="section-4-4.1">: As noted in Section 3, the values for these object identifers
-  will be assigned by NIST.  Once assigned, they will be added to a future
-  revision of this document.<a href="#section-4-4.1" class="pilcrow">¶</a></p>
-</aside>
-</section>
-</div>
-<div id="subject-public-key-fields">
-<section id="section-5">
-      <h2 id="name-subject-public-key-fields">
-<a href="#section-5" class="section-number selfRef">5. </a><a href="#name-subject-public-key-fields" class="section-name selfRef">Subject Public Key Fields</a>
-      </h2>
-<p id="section-5-1">In the X.509 certificate, the subjectPublicKeyInfo field has the
-SubjectPublicKeyInfo type, which has the following ASN.1 syntax:<a href="#section-5-1" class="pilcrow">¶</a></p>
-<div class="alignLeft art-text artwork" id="section-5-2">
-<pre>
-  SubjectPublicKeyInfo {PUBLIC-KEY: IOSet} ::= SEQUENCE {
-      algorithm        AlgorithmIdentifier {PUBLIC-KEY, {IOSet}},
-      subjectPublicKey BIT STRING
-  }
-</pre><a href="#section-5-2" class="pilcrow">¶</a>
-</div>
-<aside id="section-5-3">
-        <p id="section-5-3.1">: The above syntax is from <span>[<a href="#RFC5912" class="cite xref">RFC5912</a>]</span> and is compatible with the
-  2021 ASN.1 syntax <span>[<a href="#X680" class="cite xref">X680</a>]</span>.<a href="#section-5-3.1" class="pilcrow">¶</a></p>
-</aside>
-<p id="section-5-4">The fields in SubjectPublicKeyInfo have the following meaning:<a href="#section-5-4" class="pilcrow">¶</a></p>
-<ul class="normal">
-<li class="normal" id="section-5-5.1">
-          <p id="section-5-5.1.1">algorithm is the algorithm identifier and parameters for the
-public key (see above).<a href="#section-5-5.1.1" class="pilcrow">¶</a></p>
-</li>
-        <li class="normal" id="section-5-5.2">
-          <p id="section-5-5.2.1">subjectPublicKey contains the byte stream of the public key.  The
-algorithms defined in this document always encode the public key
-as TODO pick format e.g., exact multiple of 8 bits?.<a href="#section-5-5.2.1" class="pilcrow">¶</a></p>
-</li>
-      </ul>
-<p id="section-5-6">The following is an example of a Kyber-512 public key encoded using the
-textual encoding defined in <span>[<a href="#RFC7468" class="cite xref">RFC7468</a>]</span>:<a href="#section-5-6" class="pilcrow">¶</a></p>
-<div class="alignLeft art-text artwork" id="section-5-7">
-<pre>
-  -----BEGIN PUBLIC KEY-----
-  TODO insert example public key
-  -----END PUBLIC KEY-------
-</pre><a href="#section-5-7" class="pilcrow">¶</a>
-</div>
-</section>
-</div>
-<div id="private-key-format">
-<section id="section-6">
-      <h2 id="name-private-key-format">
-<a href="#section-6" class="section-number selfRef">6. </a><a href="#name-private-key-format" class="section-name selfRef">Private Key Format</a>
-      </h2>
-<p id="section-6-1">"Asymmetric Key Packages" <span>[<a href="#RFC5958" class="cite xref">RFC5958</a>]</span> describes how to encode a private
-key in a structure that both identifies what algorithm the private key
-is for and allows for the public key and additional attributes about the
-key to be included as well. For illustration, the ASN.1 structure
-OneAsymmetricKey is replicated below. The algorithm-specific details of
-how a private key is encoded are left for the document describing the
-algorithm itself.<a href="#section-6-1" class="pilcrow">¶</a></p>
-<div class="alignLeft art-text artwork" id="section-6-2">
-<pre>
-  OneAsymmetricKey ::= SEQUENCE {
-    version                  Version,
-    privateKeyAlgorithm      SEQUENCE {
-    algorithm                PUBLIC-KEY.&amp;id({PublicKeySet}),
-    parameters               PUBLIC-KEY.&amp;Params({PublicKeySet}
-                               {@privateKeyAlgorithm.algorithm})
-                                  OPTIONAL}
-    privateKey               OCTET STRING (CONTAINING
-                               PUBLIC-KEY.&amp;PrivateKey({PublicKeySet}
-                                 {@privateKeyAlgorithm.algorithm})),
-    attributes           [0] Attributes OPTIONAL,
-    ...,
-    [[2: publicKey       [1] BIT STRING (CONTAINING
-                               PUBLIC-KEY.&amp;Params({PublicKeySet}
-                                 {@privateKeyAlgorithm.algorithm})
-                                 OPTIONAL,
-    ...
-  }
-
-  PrivateKey ::= OCTET STRING
-
-  PublicKey ::= BIT STRING
-</pre><a href="#section-6-2" class="pilcrow">¶</a>
-</div>
-<aside id="section-6-3">
-        <p id="section-6-3.1">: The above syntax is from <span>[<a href="#RFC5958" class="cite xref">RFC5958</a>]</span> and is compatible with the
-  2021 ASN.1 syntax <span>[<a href="#X680" class="cite xref">X680</a>]</span>.<a href="#section-6-3.1" class="pilcrow">¶</a></p>
-</aside>
-<p id="section-6-4">For the keys defined in this document, the private key is always an
-opaque byte sequence. The ASN.1 type PqckemPrivateKey is defined in
-this document to hold the byte sequence. Thus, when encoding a
-OneAsymmetricKey object, the private key is wrapped in a
-PqckemPrivateKey object and wrapped by the OCTET STRING of the
-"privateKey" field.<a href="#section-6-4" class="pilcrow">¶</a></p>
-<div class="alignLeft art-text artwork" id="section-6-5">
-<pre>
-  PqckemPrivateKey ::= OCTET STRING
-</pre><a href="#section-6-5" class="pilcrow">¶</a>
-</div>
-<p id="section-6-6">The following is an example of a Kyber-512 private key encoded using the
-textual encoding defined in <span>[<a href="#RFC7468" class="cite xref">RFC7468</a>]</span>:<a href="#section-6-6" class="pilcrow">¶</a></p>
-<div class="alignLeft art-text artwork" id="section-6-7">
-<pre>
-  -----BEGIN PRIVATE KEY-----
-  TODO iser example private key
-  -----END PRIVATE KEY-------
-</pre><a href="#section-6-7" class="pilcrow">¶</a>
-</div>
-<p id="section-6-8">The following example, in addition to encoding the Kyber-512 private key,
-has an attribute included as well as the public key. As with the
-prior example, the textual encoding defined in <span>[<a href="#RFC7468" class="cite xref">RFC7468</a>]</span> is used:<a href="#section-6-8" class="pilcrow">¶</a></p>
-<div class="alignLeft art-text artwork" id="section-6-9">
-<pre>
-  -----BEGIN PRIVATE KEY-----
-  TODO insert example private key with attribute
-  -----END PRIVATE KEY-------
-</pre><a href="#section-6-9" class="pilcrow">¶</a>
-</div>
-<aside id="section-6-10">
-        <p id="section-6-10.1">: There exist some private key import functions that have not
-  implemented the new ASN.1 structure OneAsymmetricKey that is defined in
-  <span>[<a href="#RFC5958" class="cite xref">RFC5958</a>]</span>. This means that they will not accept a private key
-  structure that contains the public key field.  This means a balancing
-  act needs to be done between being able to do a consistency check on the
-  key pair and widest ability to import the key.<a href="#section-6-10.1" class="pilcrow">¶</a></p>
-</aside>
-</section>
-</div>
-<div id="asn1-module">
-<section id="section-7">
-      <h2 id="name-asn1-module">
-<a href="#section-7" class="section-number selfRef">7. </a><a href="#name-asn1-module" class="section-name selfRef">ASN.1 Module</a>
-      </h2>
-<p id="section-7-1">TODO ASN.1 Module<a href="#section-7-1" class="pilcrow">¶</a></p>
-</section>
-</div>
-<div id="security-considerations">
-<section id="section-8">
-      <h2 id="name-security-considerations">
-<a href="#section-8" class="section-number selfRef">8. </a><a href="#name-security-considerations" class="section-name selfRef">Security Considerations</a>
-      </h2>
-<p id="section-8-1">The Security Considerations section of <span>[<a href="#RFC5280" class="cite xref">RFC5280</a>]</span> applies to this specification as well.<a href="#section-8-1" class="pilcrow">¶</a></p>
-<p id="section-8-2">[EDNOTE: Discuss side-channels for Kyber TBD1.]<a href="#section-8-2" class="pilcrow">¶</a></p>
-</section>
-</div>
-<div id="iana-considerations">
-<section id="section-9">
-      <h2 id="name-iana-considerations">
-<a href="#section-9" class="section-number selfRef">9. </a><a href="#name-iana-considerations" class="section-name selfRef">IANA Considerations</a>
-      </h2>
-<p id="section-9-1">This document will have some IANA actions.<a href="#section-9-1" class="pilcrow">¶</a></p>
-</section>
-</div>
-<section id="section-10">
-      <h2 id="name-references">
-<a href="#section-10" class="section-number selfRef">10. </a><a href="#name-references" class="section-name selfRef">References</a>
-      </h2>
-<div id="sec-normative-references">
-<section id="section-10.1">
-        <h3 id="name-normative-references">
-<a href="#section-10.1" class="section-number selfRef">10.1. </a><a href="#name-normative-references" class="section-name selfRef">Normative References</a>
-        </h3>
-<dl class="references">
-<dt id="RFC2119">[RFC2119]</dt>
-        <dd>
-<span class="refAuthor">Bradner, S.</span>, <span class="refTitle">"Key words for use in RFCs to Indicate Requirement Levels"</span>, <span class="seriesInfo">BCP 14</span>, <span class="seriesInfo">RFC 2119</span>, <span class="seriesInfo">DOI 10.17487/RFC2119</span>, <time datetime="1997-03" class="refDate">March 1997</time>, <span>&lt;<a href="https://www.rfc-editor.org/rfc/rfc2119">https://www.rfc-editor.org/rfc/rfc2119</a>&gt;</span>. </dd>
-<dd class="break"></dd>
-<dt id="RFC5280">[RFC5280]</dt>
-        <dd>
-<span class="refAuthor">Cooper, D.</span>, <span class="refAuthor">Santesson, S.</span>, <span class="refAuthor">Farrell, S.</span>, <span class="refAuthor">Boeyen, S.</span>, <span class="refAuthor">Housley, R.</span>, and <span class="refAuthor">W. Polk</span>, <span class="refTitle">"Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile"</span>, <span class="seriesInfo">RFC 5280</span>, <span class="seriesInfo">DOI 10.17487/RFC5280</span>, <time datetime="2008-05" class="refDate">May 2008</time>, <span>&lt;<a href="https://www.rfc-editor.org/rfc/rfc5280">https://www.rfc-editor.org/rfc/rfc5280</a>&gt;</span>. </dd>
-<dd class="break"></dd>
-<dt id="RFC5912">[RFC5912]</dt>
-        <dd>
-<span class="refAuthor">Hoffman, P.</span> and <span class="refAuthor">J. Schaad</span>, <span class="refTitle">"New ASN.1 Modules for the Public Key Infrastructure Using X.509 (PKIX)"</span>, <span class="seriesInfo">RFC 5912</span>, <span class="seriesInfo">DOI 10.17487/RFC5912</span>, <time datetime="2010-06" class="refDate">June 2010</time>, <span>&lt;<a href="https://www.rfc-editor.org/rfc/rfc5912">https://www.rfc-editor.org/rfc/rfc5912</a>&gt;</span>. </dd>
-<dd class="break"></dd>
-<dt id="RFC5958">[RFC5958]</dt>
-        <dd>
-<span class="refAuthor">Turner, S.</span>, <span class="refTitle">"Asymmetric Key Packages"</span>, <span class="seriesInfo">RFC 5958</span>, <span class="seriesInfo">DOI 10.17487/RFC5958</span>, <time datetime="2010-08" class="refDate">August 2010</time>, <span>&lt;<a href="https://www.rfc-editor.org/rfc/rfc5958">https://www.rfc-editor.org/rfc/rfc5958</a>&gt;</span>. </dd>
-<dd class="break"></dd>
-<dt id="RFC8174">[RFC8174]</dt>
-        <dd>
-<span class="refAuthor">Leiba, B.</span>, <span class="refTitle">"Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words"</span>, <span class="seriesInfo">BCP 14</span>, <span class="seriesInfo">RFC 8174</span>, <span class="seriesInfo">DOI 10.17487/RFC8174</span>, <time datetime="2017-05" class="refDate">May 2017</time>, <span>&lt;<a href="https://www.rfc-editor.org/rfc/rfc8174">https://www.rfc-editor.org/rfc/rfc8174</a>&gt;</span>. </dd>
-<dd class="break"></dd>
-<dt id="X680">[X680]</dt>
-        <dd>
-<span class="refAuthor">ITU-T</span>, <span class="refTitle">"Information technology - Abstract Syntax Notation One (ASN.1): Specification of basic notation"</span>, <span class="seriesInfo">ISO/IEC 8824-1:2021</span>, <time datetime="2021-02" class="refDate">February 2021</time>, <span>&lt;<a href="https://www.itu.int/rec/T-REC-X.680">https://www.itu.int/rec/T-REC-X.680</a>&gt;</span>. </dd>
-<dd class="break"></dd>
-<dt id="X690">[X690]</dt>
-      <dd>
-<span class="refAuthor">ITU-T</span>, <span class="refTitle">"Information technology - Abstract Syntax Notation One (ASN.1): ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER)"</span>, <span class="seriesInfo">ISO/IEC 8825-1:2021</span>, <time datetime="2021-02" class="refDate">February 2021</time>, <span>&lt;<a href="https://www.itu.int/rec/T-REC-X.690">https://www.itu.int/rec/T-REC-X.690</a>&gt;</span>. </dd>
-<dd class="break"></dd>
-</dl>
-</section>
-</div>
-<div id="sec-informative-references">
-<section id="section-10.2">
-        <h3 id="name-informative-references">
-<a href="#section-10.2" class="section-number selfRef">10.2. </a><a href="#name-informative-references" class="section-name selfRef">Informative References</a>
-        </h3>
-<dl class="references">
-<dt id="I-D.celi-wiggers-tls-authkem">[I-D.celi-wiggers-tls-authkem]</dt>
-        <dd>
-<span class="refAuthor">Wiggers, T.</span>, <span class="refAuthor">Celi, S.</span>, <span class="refAuthor">Schwabe, P.</span>, <span class="refAuthor">Stebila, D.</span>, and <span class="refAuthor">N. Sullivan</span>, <span class="refTitle">"KEM-based Authentication for TLS 1.3"</span>, <span class="refContent">Work in Progress</span>, <span class="seriesInfo">Internet-Draft, draft-celi-wiggers-tls-authkem-02</span>, <time datetime="2023-08-18" class="refDate">18 August 2023</time>, <span>&lt;<a href="https://datatracker.ietf.org/doc/html/draft-celi-wiggers-tls-authkem-02">https://datatracker.ietf.org/doc/html/draft-celi-wiggers-tls-authkem-02</a>&gt;</span>. </dd>
-<dd class="break"></dd>
-<dt id="I-D.ietf-lamps-kyber">[I-D.ietf-lamps-kyber]</dt>
-        <dd>
-<span class="refAuthor">Prat, J.</span> and <span class="refAuthor">M. Ounsworth</span>, <span class="refTitle">"Use of KYBER in the Cryptographic Message Syntax (CMS)"</span>, <span class="refContent">Work in Progress</span>, <span class="seriesInfo">Internet-Draft, draft-ietf-lamps-kyber-00</span>, <time datetime="2022-11-10" class="refDate">10 November 2022</time>, <span>&lt;<a href="https://datatracker.ietf.org/doc/html/draft-ietf-lamps-kyber-00">https://datatracker.ietf.org/doc/html/draft-ietf-lamps-kyber-00</a>&gt;</span>. </dd>
-<dd class="break"></dd>
-<dt id="PQCProj">[PQCProj]</dt>
-        <dd>
-<span class="refAuthor">National Institute of Standards and Technology</span>, <span class="refTitle">"Post-Quantum Cryptography Project"</span>, <time datetime="2016-12-20" class="refDate">20 December 2016</time>, <span>&lt;<a href="https://csrc.nist.gov/projects/post-quantum-cryptography">https://csrc.nist.gov/projects/post-quantum-cryptography</a>&gt;</span>. </dd>
-<dd class="break"></dd>
-<dt id="RFC7468">[RFC7468]</dt>
-      <dd>
-<span class="refAuthor">Josefsson, S.</span> and <span class="refAuthor">S. Leonard</span>, <span class="refTitle">"Textual Encodings of PKIX, PKCS, and CMS Structures"</span>, <span class="seriesInfo">RFC 7468</span>, <span class="seriesInfo">DOI 10.17487/RFC7468</span>, <time datetime="2015-04" class="refDate">April 2015</time>, <span>&lt;<a href="https://www.rfc-editor.org/rfc/rfc7468">https://www.rfc-editor.org/rfc/rfc7468</a>&gt;</span>. </dd>
-<dd class="break"></dd>
-</dl>
-</section>
-</div>
-</section>
-<div id="acknowledgments">
-<section id="appendix-A">
-      <h2 id="name-acknowledgments">
-<a href="#name-acknowledgments" class="section-name selfRef">Acknowledgments</a>
-      </h2>
-<p id="appendix-A-1">TODO acknowledge.<a href="#appendix-A-1" class="pilcrow">¶</a></p>
-</section>
-</div>
-<div id="authors-addresses">
-<section id="appendix-B">
-      <h2 id="name-authors-addresses">
-<a href="#name-authors-addresses" class="section-name selfRef">Authors' Addresses</a>
-      </h2>
-<address class="vcard">
-        <div dir="auto" class="left"><span class="fn nameRole">Sean Turner</span></div>
-<div dir="auto" class="left"><span class="org">sn3rd</span></div>
-<div class="email">
-<span>Email:</span>
-<a href="mailto:sean@sn3rd.com" class="email">sean@sn3rd.com</a>
-</div>
-</address>
-<address class="vcard">
-        <div dir="auto" class="left"><span class="fn nameRole">Panos Kampanakis</span></div>
-<div dir="auto" class="left"><span class="org">AWS</span></div>
-<div class="email">
-<span>Email:</span>
-<a href="mailto:kpanos@amazon.com" class="email">kpanos@amazon.com</a>
-</div>
-</address>
-<address class="vcard">
-        <div dir="auto" class="left"><span class="fn nameRole">Jake Massimo</span></div>
-<div dir="auto" class="left"><span class="org">AWS</span></div>
-<div class="email">
-<span>Email:</span>
-<a href="mailto:jakemas@amazon.com" class="email">jakemas@amazon.com</a>
-</div>
-</address>
-<address class="vcard">
-        <div dir="auto" class="left"><span class="fn nameRole">Bas Westerbaan</span></div>
-<div dir="auto" class="left"><span class="org">Cloudflare</span></div>
-<div class="email">
-<span>Email:</span>
-<a href="mailto:bas@westerbaan.name" class="email">bas@westerbaan.name</a>
-</div>
-</address>
-</section>
-</div>
-<script>const toc = document.getElementById("toc");
-toc.querySelector("h2").addEventListener("click", e => {
-  toc.classList.toggle("active");
-});
-toc.querySelector("nav").addEventListener("click", e => {
-  toc.classList.remove("active");
-});
-</script>
-</body>
-</html>
diff --git a/seanturner-asides/draft-turner-lamps-nist-pqc-kem-certificates.html b/seanturner-asides/draft-turner-lamps-nist-pqc-kem-certificates.html
deleted file mode 100644
index 007d7d1..0000000
--- a/seanturner-asides/draft-turner-lamps-nist-pqc-kem-certificates.html
+++ /dev/null
@@ -1,1576 +0,0 @@
-<!DOCTYPE html>
-<html lang="en" class="Internet-Draft">
-<head>
-<meta charset="utf-8">
-<meta content="Common,Latin" name="scripts">
-<meta content="initial-scale=1.0" name="viewport">
-<title>Algorithm Identifiers for NIST's PQC Algorithms for Use in the Internet X.509 Public Key Infrastructure</title>
-<meta content="Sean Turner" name="author">
-<meta content="Panos Kampanakis" name="author">
-<meta content="Jake Massimo" name="author">
-<meta content="Bas Westerbaan" name="author">
-<meta content="
-       This document specifies algorithm identifiers and ASN.1 encoding format
-for the US NIST's PQC KEM (United States National Institute of Standards
-and Technology's Post Quantum Cryptography Key Encapsulation Mechanism)
-algorithms. The algorithms covered are Candidate TBD1. The
-encoding for public key and private key is also provided. 
-       [EDNOTE:
-This draft is not expected to be finalized before the NIST PQC Project
-has standardized PQ algorithms. After NIST has standardized its first
-algorithms, this document will replace TBD, with the appropriate
-algorithms and parameters before proceeding to ratification. The
-algorithm Candidate TBD1 has been added as an example in this draft, to
-provide a more detailed illustration of the content - it by no means
-indicates its inclusion in the final version. This specification will
-use object identifiers for the new algorithms that are assigned by NIST,
-and will use placeholders until these are released.] 
-    " name="description">
-<meta content="xml2rfc 3.18.2" name="generator">
-<meta content="Internet-Draft" name="keyword">
-<meta content="draft-turner-lamps-nist-pqc-kem-certificates-latest" name="ietf.draft">
-<!-- Generator version information:
-  xml2rfc 3.18.2
-    Python 3.11.6
-    ConfigArgParse 1.5.3
-    google-i18n-address 3.1.0
-    intervaltree 3.1.0
-    Jinja2 3.1.2
-    lxml 4.9.3
-    platformdirs 3.11.0
-    pycountry 22.3.5
-    PyYAML 6.0
-    requests 2.31.0
-    setuptools 67.7.2
-    six 1.16.0
-    wcwidth 0.2.8
--->
-<link href="draft-turner-lamps-nist-pqc-kem-certificates.xml" rel="alternate" type="application/rfc+xml">
-<link href="#copyright" rel="license">
-<style type="text/css">@font-face {
-  font-family: 'Lora';
-  font-style: italic;
-  font-weight: 400;
-  font-display: swap;
-  src: local('Lora Italic'), local('Lora-Italic'), url('https://martinthomson.github.io/rfc-css/fonts/lora-italic-cyrillic-ext.woff2') format('woff2');
-  unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;
-}
-@font-face {
-  font-family: 'Lora';
-  font-style: italic;
-  font-weight: 400;
-  font-display: swap;
-  src: local('Lora Italic'), local('Lora-Italic'), url('https://martinthomson.github.io/rfc-css/fonts/lora-italic-cyrillic-ext.woff2') format('woff2');
-  unicode-range: U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;
-}
-@font-face {
-  font-family: 'Lora';
-  font-style: italic;
-  font-weight: 400;
-  font-display: swap;
-  src: local('Lora Italic'), local('Lora-Italic'), url('https://martinthomson.github.io/rfc-css/fonts/lora-italic-vietnamese.woff2') format('woff2');
-  unicode-range: U+0102-0103, U+0110-0111, U+1EA0-1EF9, U+20AB;
-}
-@font-face {
-  font-family: 'Lora';
-  font-style: italic;
-  font-weight: 400;
-  font-display: swap;
-  src: local('Lora Italic'), local('Lora-Italic'), url('https://martinthomson.github.io/rfc-css/fonts/lora-italic-latin-ext.woff2') format('woff2');
-  unicode-range: U+0100-024F, U+0259, U+1E00-1EFF, U+2020, U+20A0-20AB, U+20AD-20CF, U+2113, U+2C60-2C7F, U+A720-A7FF;
-}
-
-@font-face {
-  font-family: 'Lora';
-  font-style: italic;
-  font-weight: 400;
-  font-display: swap;
-  src: local('Lora Italic'), local('Lora-Italic'), url('https://martinthomson.github.io/rfc-css/fonts/lora-italic-latin.woff2') format('woff2');
-  unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;
-}
-@font-face {
-  font-family: 'Lora';
-  font-style: normal;
-  font-weight: 400;
-  font-display: swap;
-  src: local('Lora Regular'), local('Lora-Regular'), url('https://martinthomson.github.io/rfc-css/fonts/lora-regular-cyrillic-ext.woff2') format('woff2');
-  unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;
-}
-@font-face {
-  font-family: 'Lora';
-  font-style: normal;
-  font-weight: 400;
-  font-display: swap;
-  src: local('Lora Regular'), local('Lora-Regular'), url('https://martinthomson.github.io/rfc-css/fonts/lora-regular-cyrillic.woff2') format('woff2');
-  unicode-range: U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;
-}
-@font-face {
-  font-family: 'Lora';
-  font-style: normal;
-  font-weight: 400;
-  font-display: swap;
-  src: local('Lora Regular'), local('Lora-Regular'), url('https://martinthomson.github.io/rfc-css/fonts/lora-regular-vietnamese.woff2') format('woff2');
-  unicode-range: U+0102-0103, U+0110-0111, U+1EA0-1EF9, U+20AB;
-}
-@font-face {
-  font-family: 'Lora';
-  font-style: normal;
-  font-weight: 400;
-  font-display: swap;
-  src: local('Lora Regular'), local('Lora-Regular'), url('https://martinthomson.github.io/rfc-css/fonts/lora-regular-latin-ext.woff2') format('woff2');
-  unicode-range: U+0100-024F, U+0259, U+1E00-1EFF, U+2020, U+20A0-20AB, U+20AD-20CF, U+2113, U+2C60-2C7F, U+A720-A7FF;
-}
-@font-face {
-  font-family: 'Lora';
-  font-style: normal;
-  font-weight: 400;
-  font-display: swap;
-  src: local('Lora Regular'), local('Lora-Regular'), url('https://martinthomson.github.io/rfc-css/fonts/lora-regular-latin.woff2') format('woff2');
-  unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;
-}
-
-@font-face {
-  font-family: 'Lora';
-  font-style: normal;
-  font-weight: 700;
-  font-display: swap;
-  src: local('Lora Bold'), local('Lora-Bold'), url('https://martinthomson.github.io/rfc-css/fonts/lora-bold-cyrillic-ext.woff2') format('woff2');
-  unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;
-}
-@font-face {
-  font-family: 'Lora';
-  font-style: normal;
-  font-weight: 700;
-  font-display: swap;
-  src: local('Lora Bold'), local('Lora-Bold'), url('https://martinthomson.github.io/rfc-css/fonts/lora-bold-cyrillic.woff2') format('woff2');
-  unicode-range: U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;
-}
-@font-face {
-  font-family: 'Lora';
-  font-style: normal;
-  font-weight: 700;
-  font-display: swap;
-  src: local('Lora Bold'), local('Lora-Bold'), url('https://martinthomson.github.io/rfc-css/fonts/lora-bold-vietnamese.woff2') format('woff2');
-  unicode-range: U+0102-0103, U+0110-0111, U+1EA0-1EF9, U+20AB;
-}
-@font-face {
-  font-family: 'Lora';
-  font-style: normal;
-  font-weight: 700;
-  font-display: swap;
-  src: local('Lora Bold'), local('Lora-Bold'), url('https://martinthomson.github.io/rfc-css/fonts/lora-bold-latin-ext.woff2') format('woff2');
-  unicode-range: U+0100-024F, U+0259, U+1E00-1EFF, U+2020, U+20A0-20AB, U+20AD-20CF, U+2113, U+2C60-2C7F, U+A720-A7FF;
-}
-@font-face {
-  font-family: 'Lora';
-  font-style: normal;
-  font-weight: 700;
-  font-display: swap;
-  src: local('Lora Bold'), local('Lora-Bold'), url('https://martinthomson.github.io/rfc-css/fonts/lora-bold-latin.woff2') format('woff2');
-  unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;
-}
-@font-face {
-  font-family: 'Lora';
-  font-style: normal;
-  font-weight: 600;
-  font-display: swap;
-  src: local('Lora SemiBold'), local('Lora-SemiBold'), url('https://martinthomson.github.io/rfc-css/fonts/lora-semibold-latin.woff2') format('woff2');
-  unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;
-}
-
-@font-face {
-  font-family: 'Cabin Condensed';
-  font-style: normal;
-  font-weight: 600;
-  font-display: swap;
-  src: local('Cabin Condensed SemiBold'), local('CabinCondensed-SemiBold'), url('https://martinthomson.github.io/rfc-css/fonts/cabincondensed-semibold-vietnamese.woff2') format('woff2');
-  unicode-range: U+0102-0103, U+0110-0111, U+1EA0-1EF9, U+20AB;
-}
-@font-face {
-  font-family: 'Cabin Condensed';
-  font-style: normal;
-  font-weight: 600;
-  font-display: swap;
-  src: local('Cabin Condensed SemiBold'), local('CabinCondensed-SemiBold'), url('https://martinthomson.github.io/rfc-css/fonts/cabincondensed-semibold-latin-ext.woff2') format('woff2');
-  unicode-range: U+0100-024F, U+0259, U+1E00-1EFF, U+2020, U+20A0-20AB, U+20AD-20CF, U+2113, U+2C60-2C7F, U+A720-A7FF;
-}
-@font-face {
-  font-family: 'Cabin Condensed';
-  font-style: normal;
-  font-weight: 600;
-  font-display: swap;
-  src: local('Cabin Condensed SemiBold'), local('CabinCondensed-SemiBold'), url('https://martinthomson.github.io/rfc-css/fonts/cabincondensed-semibold-latin.woff2') format('woff2');
-  unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;
-}
-
-@font-face {
-  font-family: 'Oxygen Mono';
-  font-style: normal;
-  font-weight: 400;
-  font-display: swap;
-  src: local('Oxygen Mono'), local('OxygenMono-Regular'), url('https://martinthomson.github.io/rfc-css/fonts/oxygenmono-regular-latin-ext.woff2') format('woff2');
-  unicode-range: U+0100-024F, U+0259, U+1E00-1EFF, U+2020, U+20A0-20AB, U+20AD-20CF, U+2113, U+2C60-2C7F, U+A720-A7FF;
-}
-@font-face {
-  font-family: 'Oxygen Mono';
-  font-style: normal;
-  font-weight: 400;
-  font-display: swap;
-  src: local('Oxygen Mono'), local('OxygenMono-Regular'), url('https://martinthomson.github.io/rfc-css/fonts/oxygenmono-regular-latin.woff2') format('woff2');
-  unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;
-}
-
-:root {
-  color-scheme: light dark;
-  --background-color: #fff;
-  --text-color: #222;
-  --title-color: #191919;
-  --link-color: #2a6496;
-  --highlight-color: #f9f9f9;
-  --line-color: #eee;
-  --pilcrow-weak: #ddd;
-  --pilcrow-strong: #bbb;
-  --small-font-size: 14.5px;
-  --font-mono: 'Oxygen Mono', monospace;
-  scrollbar-color: #bbb #eee;
-}
-body {
-  max-width: 600px;
-  margin: 75px auto;
-  padding: 0 5px;
-  color: var(--text-color);
-  background-color: var(--background-color);
-  font: 16px/22px "Lora", serif;
-  scroll-behavior: smooth;
-}
-
-.ears {
-  display: none;
-}
-
-/* headings */
-h1, h2, h3, h4, h5, h6 {
-  font-family: "Cabin Condensed", sans-serif;
-  font-weight: 600;
-  margin: 0.8em 0 0.3em;
-  font-size-adjust: 0.5;
-  color: var(--title-color);
-}
-h1#title {
-  font-size: 32px;
-  line-height: 40px;
-  clear: both;
-}
-h1#title, h1#rfcnum {
-  margin: 1.5em 0 0.2em;
-}
-h1#rfcnum + h1#title {
-  margin: 0.2em 0;
-}
-
-h1, h2, h3 {
-  font-size: 22px;
-  line-height: 27px;
-}
-h4, h5, h6 {
-  font-size: 20px;
-  line-height: 24px;
-}
-
-/* general structure */
-.author {
-  padding-bottom: 0.3em;
-}
-#abstract+p {
-  font-size: 18px;
-  line-height: 24px;
-}
-#abstract+p code, #abstract+p samp, #abstract+p tt {
-  font-size: 16px;
-  line-height: 0;
-}
-
-p {
-  padding: 0;
-  margin: 0.5em 0;
-  text-align: left;
-}
-div {
-  margin: 0;
-}
-.alignRight.art-text {
-  background-color: var(--highlight-color);
-  border: 1px solid var(--line-color);
-  border-radius: 3px;
-  padding: 0.5em 1em 0;
-  margin-bottom: 0.5em;
-}
-.alignRight.art-text pre {
-  padding: 0;
-  width: auto;
-}
-.alignRight {
-  margin: 1em 0;
-}
-.alignRight > *:first-child {
-  border: none;
-  margin: 0;
-  float: right;
-  clear: both;
-}
-.alignRight > *:nth-child(2) {
-  clear: both;
-  display: block;
-  border: none;
-}
-svg {
-  display: block;
-}
-/* font-family isn't space-separated, but =~ will have to do */
-svg[font-family~="monospace" i], svg [font-family~="monospace" i] {
-  font-family: var(--font-mono);
-}
-.alignCenter.art-text {
-  background-color: var(--highlight-color);
-  border: 1px solid var(--line-color);
-  border-radius: 3px;
-  padding: 0.5em 1em 0;
-  margin-bottom: 0.5em;
-}
-.alignCenter.art-text pre {
-  padding: 0;
-  width: auto;
-}
-.alignCenter {
-  margin: 1em 0;
-}
-.alignCenter > *:first-child {
-  border: none;
-  /* this isn't optimal, but it's an existence proof.  PrinceXML doesn't
-     support flexbox yet.
-  */
-  display: table;
-  margin: 0 auto;
-}
-
-/* lists */
-ol, ul {
-  padding: 0;
-  margin: 0 0 0.5em 2em;
-}
-:is(ol, ul) :is(ol, ul) {
-  margin-left: 1em;
-}
-li {
-  margin: 0 0 0.25em 0;
-}
-.ulCompact li {
-  margin: 0;
-}
-ul.empty, .ulEmpty {
-  list-style-type: none;
-}
-ul.empty li, .ulEmpty li {
-  margin-top: 0.5em;
-}
-:is(ul, ol).compact, .ulCompact, .olCompact {
-  line-height: 1;
-  margin: 0 0 0 2em;
-}
-
-/* definition lists */
-dl {
-  clear: left;
-  --indent: 3ch;
-  /* --indent: attr(indent ch); not supported in any browser, but we can dream */
-}
-dl.olPercent {
-  --indent: 5ch;
-}
-dl > dt {
-  float: left;
-  margin-right: 2ch;
-  min-width: 8ch;
-}
-dl.dlNewline > dt {
-  float: none;
-}
-dl > dd {
-  margin-bottom: .8em;
-  margin-left: var(--indent) !important; /* stupid element overrides */
-  min-height: 2ex;
-}
-dl.olPercent > dt {
-  min-width: calc(var(--indent) - 2ch);
-}
-:is(dl.compact, .dlCompact) > dd {
-  margin-bottom: 0;
-}
-:is(dl.compact, .dlCompact) > dd > :is(:first-child, .break:first-child + *) {
-  margin-top: 0;
-}
-:is(dl.compact, .dlCompact) > dd > :is(:last-child) {
-  margin-bottom: 0;
-}
-dl > dd > dl {
-  margin-top: 0.5em;
-  margin-bottom: 0;
-}
-:is(dd, span).break {
-  display: none;
-}
-
-/* links */
-a, a[href].selfRef:hover {
-  text-decoration: none;
-}
-a[href] {
-  color: var(--link-color);
-}
-a[href].selfRef, .iref + a[href].internal {
-  color: var(--text-color);
-}
-a[href]:hover {
-  text-decoration: underline;
-}
-a[href].selfRef:hover {
-  background-color: var(--highlight-color);
-}
-a.xref:is(.cite, .auto), :is(#status-of-memo, #copyright) a {
-  white-space: nowrap;
-}
-
-/* Figures */
-tt, code, pre {
-  background-color: var(--highlight-color);
-  font: 14px/22px var(--font-mono);
-}
-tt, code {
-  /* changing the font for inline elements leads to different ascender
-     and descender heights; as we want to retain baseline alignment,
-     remove leading to avoid altering the final height of lines
-     note: this fails if these blocks take an entire line,
-     a different solution would be great */
-  line-height: 0;
-}
-:is(h1, h2, h3, h4, h5, h6) :is(tt, code) {
-  font-size: 84%;
-}
-pre {
-  border: 1px solid var(--line-color);
-  font-size: 13.5px;
-  line-height: 16px;
-  letter-spacing: -0.2px;
-  margin: 5px;
-  padding: 5px;
-}
-img {
-  max-width: 100%;
-}
-figure {
-  margin: 0.5em 0;
-  padding: 0;
-}
-figure blockquote {
-  margin: 0.8em 0.4em 0.4em;
-}
-figcaption, caption {
-  font-style: italic;
-  margin: 0.5em 1.5em;
-  text-align: left;
-}
-@media screen {
-  /* Auto-collapse boilerplate. */
-  :is(#status-of-memo, #copyright) p {
-    margin: -2px 0;
-    max-height: 0;
-    transition: max-height 2s ease, margin 0.5s ease 0.5s;
-    overflow: hidden;
-  }
-  :is(#status-of-memo, #copyright):hover p,
-  :is(#status-of-memo, #copyright) h2:target ~ p {
-    margin: 0.5em 0;
-    max-height: 500px;
-    overflow: auto;
-  }
-  pre, svg {
-    display: inline-block;
-    overflow-x: auto;
-  }
-  pre {
-    max-width: 100%;
-    width: calc(100% - 22px - 1em);
-  }
-  svg {
-    max-width: calc(100% - 22px - 1em);
-  }
-  figure pre {
-    display: block;
-    width: calc(100% - 25px);
-  }
-  :is(pre, svg) + .pilcrow {
-    display: inline-block;
-    vertical-align: text-bottom;
-    padding-bottom: 8px;
-  }
-}
-
-/* aside, blockquote */
-aside, blockquote {
-  margin-left: 0;
-  padding: 0 2em;
-  font-style: italic;
-}
-blockquote {
-  margin: 1em 0;
-}
-cite {
-  display: block;
-  text-align: right;
-  font-style: italic;
-}
-
-/* tables */
-table {
-  max-width: 100%;
-  margin: 0 0 1em;
-  border-collapse: collapse;
-}
-table.right {
-  margin-left: auto;
-}
-table.center {
-  margin-left: auto;
-  margin-right: auto;
-}
-table.left {
-  margin-right: auto;
-}
-thead, tbody {
-  border: 1px solid var(--line-color);
-}
-th, td {
-  text-align: left;
-  vertical-align: top;
-  padding: 5px 10px;
-}
-th {
-  background-color: var(--line-color);
-}
-:is(tr:nth-child(2n), thead+tbody > tr:nth-child(2n+1)) > td {
-  background-color: var(--background-color);
-}
-:is(tr:nth-child(2n+1), thead+tbody > tr:nth-child(2n)) > td {
-  background-color: var(--highlight-color);
-}
-table caption {
-  margin: 0;
-  padding: 3px 0 3px 1em;
-}
-table p {
-  margin: 0;
-}
-
-/* pilcrow */
-a.pilcrow {
-  margin-left: 3px;
-  opacity: 0.2;
-  user-select: none;
-}
-a.pilcrow[href] { color: var(--pilcrow-weak); }
-a.pilcrow[href]:hover { text-decoration: none; }
-@media not print {
-  :hover > a.pilcrow {
-    opacity: 1;
-  }
-  a.pilcrow[href]:hover {
-    color: var(--pilcrow-strong);
-    background-color: transparent;
-  }
-}
-@media print {
-  a.pilcrow {
-    display: none;
-  }
-}
-
-/* misc */
-hr {
-  border: 0;
-  border-top: 1px solid var(--line-color);
-}
-.bcp14 {
-  font-variant: small-caps;
-  font-weight: 600;
-  font-size: var(--small-font-size);
-}
-.role {
-  font-variant: all-small-caps;
-}
-sub, sup {
-  line-height: 1;
-  font-size: 80%;
-}
-
-/* info block */
-#identifiers {
-  margin: 0;
-  font-size: var(--small-font-size);
-  line-height: 18px;
-  --identifier-width: 15ch;
-}
-#identifiers dt {
-  width: var(--identifier-width);
-  min-width: var(--identifier-width);
-  clear: left;
-  float: left;
-  text-align: right;
-  margin-right: 1ch;
-}
-#identifiers dd {
-  margin: 0;
-  margin-left: calc(1em + var(--identifier-width)) !important;
-  min-width: 5em;
-}
-#identifiers .authors .author {
-  display: inline-block;
-  margin-right: 1.5em;
-}
-#identifiers .authors .org {
-  font-style: italic;
-}
-
-/* The prepared/rendered info at the very bottom of the page */
-.docInfo {
-  color: #999;
-  font-size: 0.9em;
-  font-style: italic;
-  margin-top: 2em;
-}
-.docInfo .prepared {
-  float: left;
-}
-.docInfo .prepared {
-  float: right;
-}
-
-/* table of contents */
-#toc {
-  padding: 0.75em 0 2em 0;
-  margin-bottom: 1em;
-}
-#toc nav ul {
-  margin: 0 0.5em 0 0;
-  padding: 0;
-  list-style: none;
-}
-#toc nav li {
-  line-height: 1.3em;
-  margin: 2px 0;
-  padding-left: 1.2em;
-  text-indent: -1.2em;
-}
-#toc a.xref {
-  white-space: normal;
-}
-/* references */
-.references dt {
-  text-align: right;
-  font-weight: bold;
-  min-width: 10ch;
-  margin-right: 1.5ch;
-}
-.references dt:target::before {
-  content: "⇒";
-  width: 15px;
-  margin: 0 10px 0 -25px;
-}
-.references dd {
-  margin-left: 12ch !important;
-  overflow: auto;
-}
-
-.refInstance {
-  margin-bottom: 1.25em;
-}
-
-.references .ascii {
-  margin-bottom: 0.25em;
-}
-
-/* index */
-#rfc\.index\.index + ul {
-  margin-left: 0;
-}
-
-/* authors */
-address.vcard {
-  font-style: normal;
-  margin: 1em 0;
-}
-address.vcard .nameRole {
-  font-weight: 700;
-  margin-left: 0;
-}
-address.vcard .label {
-  margin: 0.5em 0;
-}
-address.vcard .type {
-  display: none;
-}
-.alternative-contact {
-  margin: 1.5em 0 1em;
-}
-hr.addr {
-  border-top: 1px dashed;
-  margin: 0;
-  color: #ddd;
-  max-width: calc(100% - 16px);
-}
-@media (min-width: 500px) {
-  #authors-addresses > section {
-    column-count: 2;
-    column-gap: 20px;
-  }
-  #authors-addresses > section > h2 {
-    column-span: all;
-  }
-  /* hack for break-inside: avoid-column */
-  #authors-addresses address {
-    display: inline-block;
-    break-inside: avoid-column;
-  }
-}
-
-.rfcEditorRemove p:first-of-type {
-  font-style: italic;
-}
-.cref {
-  background-color: rgba(249, 232, 105, 0.3);
-  padding: 2px 4px;
-}
-.crefSource {
-  font-style: italic;
-}
-/* alternative layout for smaller screens */
-@media screen and (max-width: 929px) {
-  #toc {
-    position: fixed;
-    z-index: 2;
-    top: 0;
-    right: 0;
-    padding: 1px 0 0 0;
-    margin: 0;
-    border-bottom: 1px solid #ccc;
-    opacity: 0.6;
-  }
-  #toc.active {
-      opacity: 1;
-  }
-  #toc h2 {
-    margin: 0;
-    padding: 2px 0 2px 6px;
-    padding-right: 1em;
-    font-size: 18px;
-    line-height: 24px;
-    min-width: 190px;
-    text-align: right;
-    background-color: #444;
-    color: white;
-    cursor: pointer;
-  }
-  #toc h2::before { /* css hamburger */
-    float: right;
-    position: relative;
-    width: 1em;
-    height: 1px;
-    left: -164px;
-    margin: 8px 0 0 0;
-    background: white none repeat scroll 0 0;
-    box-shadow: 0 4px 0 0 white, 0 8px 0 0 white;
-    content: "";
-  }
-  #toc nav {
-    display: none;
-    background-color: var(--background-color);
-    padding: 0.5em 1em 1em;
-    overflow: auto;
-    overscroll-behavior: contain;
-    height: calc(100vh - 48px);
-    border-left: 1px solid #ddd;
-  }
-  #toc.active nav {
-    display: block;
-  }
-  /* Make the collapsed ToC header render white on gray also when it's a link */
-  #toc h2 a,
-  #toc h2 a:link,
-  #toc h2 a:focus,
-  #toc h2 a:hover,
-  #toc a.toplink,
-  #toc a.toplink:hover {
-    color: white;
-    background-color: #444;
-    text-decoration: none;
-  }
-  #toc a.toplink {
-    margin-top: 2px;
-  }
-}
-
-/* alternative layout for wide screens */
-@media screen and (min-width: 930px) {
-  body {
-    padding-right: 360px;
-    padding-right: calc(min(180px + 20%, 500px));
-  }
-  #toc {
-    position: fixed;
-    bottom: 0;
-    right: 0;
-    right: calc(50vw - 480px);
-    width: 312px;
-    margin: 0;
-    padding: 0;
-    z-index: 1;
-  }
-  #toc h2 {
-    margin: 0;
-    padding: 0.25em 1em 1em 0;
-  }
-  #toc nav {
-    display: block;
-    height: calc(90vh - 84px);
-    bottom: 0;
-    padding: 0.5em 0 2em;
-    overflow: auto;
-    overscroll-behavior: contain;
-    scrollbar-width: thin;
-  }
-  #toc nav > ul  {
-    margin-bottom: 2em;
-  }
-  #toc ul {
-    margin: 0 0 0 4px;
-    font-size: var(--small-font-size);
-  }
-  #toc ul :is(p, li) {
-    margin: 2px 0;
-    line-height: 22px;
-  }
-  img { /* future proofing */
-    max-width: 100%;
-    height: auto;
-  }
-}
-
-/* pagination */
-@media print {
-  body {
-    width: 100%;
-  }
-  p {
-    orphans: 3;
-    widows: 3;
-  }
-  #n-copyright-notice {
-    border-bottom: none;
-  }
-  #toc, #n-introduction {
-    page-break-before: always;
-  }
-  #toc {
-    border-top: none;
-    padding-top: 0;
-  }
-  figure, pre, .vcard {
-    page-break-inside: avoid;
-  }
-  h1, h2, h3, h4, h5, h6 {
-    page-break-after: avoid;
-  }
-  :is(h2, h3, h4, h5, h6)+*, dd {
-    page-break-before: avoid;
-  }
-  pre {
-    white-space: pre-wrap;
-    word-wrap: break-word;
-    font-size: 10pt;
-  }
-  table {
-    border: 1px solid #ddd;
-  }
-  td {
-    border-top: 1px solid #ddd;
-  }
-  .toplink {
-    display: none;
-  }
-}
-
-@page :first {
-  padding-top: 0;
-  @top-left {
-    content: normal;
-    border: none;
-  }
-  @top-center {
-    content: normal;
-    border: none;
-  }
-  @top-right {
-    content: normal;
-    border: none;
-  }
-}
-
-@page {
-  size: A4;
-  margin-bottom: 45mm;
-  padding-top: 20px;
-}
-
-/* Changes introduced to fix issues found during implementation */
-
-/* Separate body from document info even without intervening H1 */
-section {
-  clear: both;
-}
-
-/* Top align author divs, to avoid names without organization dropping level with org names */
-.author {
-  vertical-align: top;
-}
-
-/* Style section numbers with more space between number and title */
-.section-number {
-  padding-right: 0.5em;
-}
-
-/* Add styling for a link in the ToC that points to the top of the document */
-a.toplink {
-  float: right;
-  margin: 8px 0.5em 0;
-}
-
-/* Provide styling for table cell text alignment */
-table .text-left {
-  text-align: left;
-}
-table .text-center {
-  text-align: center;
-}
-table .text-right {
-  text-align: right;
-}
-
-/* Make the alternative author contact information look less like just another
-   author, and group it closer with the primary author contact information */
-.alternative-contact {
-  margin: 0.5em 0 0.25em 0;
-}
-address .non-ascii {
-  margin: 0 0 0 2em;
-}
-
-/* With it being possible to set tables with alignment
-  left, center, and right, { width: 100%; } does not make sense */
-table {
-  width: auto;
-}
-
-/* Avoid reference text that sits in a block with very wide left margin,
-   because of a long floating dt label.*/
-.references dd {
-  overflow: visible;
-}
-
-/* Control caption placement */
-caption {
-  caption-side: bottom;
-}
-
-/* Limit the width of the author address vcard, so names in right-to-left
-   script don't end up on the other side of the page. */
-
-address.vcard {
-  max-width: 20em;
-  margin-right: auto;
-}
-
-/* For address alignment dependent on LTR or RTL scripts */
-address div.left {
-  text-align: left;
-}
-address div.right {
-  text-align: right;
-}
-
-/* Dark mode. */
-@media (prefers-color-scheme: dark) {
-:root {
-  --background-color: #121212;
-  --text-color: #f0f0f0;
-  --title-color: #fff;
-  --link-color: #4da4f0;
-  --highlight-color: #282828;
-  --line-color: #444;
-  --pilcrow-weak: #444;
-  --pilcrow-strong: #666;
-  scrollbar-color: #777 #333;
-}
-}
-
-/* SVG Trick: a prefix match works because only black and white are allowed */
-svg :is([stroke="black"], [stroke^="#000"]) {
-  stroke: var(--text-color);
-}
-svg :is([stroke="white"], [stroke^="#fff"]) {
-  stroke: var(--background-color);
-}
-svg :is([fill="black"], [fill^="#000"], :not([fill])) {
-  fill: var(--text-color);
-}
-svg :is([fill="white"], [fill^="#fff"]) {
-  fill: var(--background-color);
-}
-</style>
-
-</head>
-<body class="xml2rfc">
-<table class="ears">
-<thead><tr>
-<td class="left">Internet-Draft</td>
-<td class="center">PQC KEM for Certificates</td>
-<td class="right">October 2023</td>
-</tr></thead>
-<tfoot><tr>
-<td class="left">Turner, et al.</td>
-<td class="center">Expires 25 April 2024</td>
-<td class="right">[Page]</td>
-</tr></tfoot>
-</table>
-<div id="external-metadata" class="document-information"></div>
-<div id="internal-metadata" class="document-information">
-<dl id="identifiers">
-<dt class="label-workgroup">Workgroup:</dt>
-<dd class="workgroup">None</dd>
-<dt class="label-internet-draft">Internet-Draft:</dt>
-<dd class="internet-draft">draft-turner-lamps-nist-pqc-kem-certificates-latest</dd>
-<dt class="label-published">Published:</dt>
-<dd class="published">
-<time datetime="2023-10-23" class="published">23 October 2023</time>
-    </dd>
-<dt class="label-intended-status">Intended Status:</dt>
-<dd class="intended-status">Standards Track</dd>
-<dt class="label-expires">Expires:</dt>
-<dd class="expires"><time datetime="2024-04-25">25 April 2024</time></dd>
-<dt class="label-authors">Authors:</dt>
-<dd class="authors">
-<div class="author">
-      <div class="author-name">S. Turner</div>
-<div class="org">sn3rd</div>
-</div>
-<div class="author">
-      <div class="author-name">P. Kampanakis</div>
-<div class="org">AWS</div>
-</div>
-<div class="author">
-      <div class="author-name">J. Massimo</div>
-<div class="org">AWS</div>
-</div>
-<div class="author">
-      <div class="author-name">B. Westerbaan</div>
-<div class="org">Cloudflare</div>
-</div>
-</dd>
-</dl>
-</div>
-<h1 id="title">Algorithm Identifiers for NIST's PQC Algorithms for Use in the Internet X.509 Public Key Infrastructure</h1>
-<section id="section-abstract">
-      <h2 id="abstract"><a href="#abstract" class="selfRef">Abstract</a></h2>
-<p id="section-abstract-1">This document specifies algorithm identifiers and ASN.1 encoding format
-for the US NIST's PQC KEM (United States National Institute of Standards
-and Technology's Post Quantum Cryptography Key Encapsulation Mechanism)
-algorithms. The algorithms covered are Candidate TBD1. The
-encoding for public key and private key is also provided.<a href="#section-abstract-1" class="pilcrow">¶</a></p>
-<p id="section-abstract-2">[EDNOTE:
-This draft is not expected to be finalized before the NIST PQC Project
-has standardized PQ algorithms. After NIST has standardized its first
-algorithms, this document will replace TBD, with the appropriate
-algorithms and parameters before proceeding to ratification. The
-algorithm Candidate TBD1 has been added as an example in this draft, to
-provide a more detailed illustration of the content - it by no means
-indicates its inclusion in the final version. This specification will
-use object identifiers for the new algorithms that are assigned by NIST,
-and will use placeholders until these are released.]<a href="#section-abstract-2" class="pilcrow">¶</a></p>
-</section>
-<section class="note rfcEditorRemove" id="section-note.1">
-      <h2 id="name-about-this-document">
-<a href="#name-about-this-document" class="section-name selfRef">About This Document</a>
-      </h2>
-<p id="section-note.1-1">This note is to be removed before publishing as an RFC.<a href="#section-note.1-1" class="pilcrow">¶</a></p>
-<p id="section-note.1-2">
-        Status information for this document may be found at <span><a href="https://datatracker.ietf.org/doc/draft-turner-lamps-nist-pqc-kem-certificates/">https://datatracker.ietf.org/doc/draft-turner-lamps-nist-pqc-kem-certificates/</a></span>.<a href="#section-note.1-2" class="pilcrow">¶</a></p>
-<p id="section-note.1-3">
-        Discussion of this document takes place on the
-        Limited Additional Mechanisms for PKIX and SMIME (lamps) Working Group mailing list (<span><a href="mailto:spasm@ietf.org">mailto:spasm@ietf.org</a></span>),
-        which is archived at <span><a href="https://mailarchive.ietf.org/arch/browse/spasm/">https://mailarchive.ietf.org/arch/browse/spasm/</a></span>.
-        Subscribe at <span><a href="https://www.ietf.org/mailman/listinfo/spasm/">https://www.ietf.org/mailman/listinfo/spasm/</a></span>.<a href="#section-note.1-3" class="pilcrow">¶</a></p>
-<p id="section-note.1-4">Source for this draft and an issue tracker can be found at
-        <span><a href="https://github.com/seanturner/draft-turner-lamps-nist-pqc-kem-certificates">https://github.com/seanturner/draft-turner-lamps-nist-pqc-kem-certificates</a></span>.<a href="#section-note.1-4" class="pilcrow">¶</a></p>
-</section>
-<div id="status-of-memo">
-<section id="section-boilerplate.1">
-        <h2 id="name-status-of-this-memo">
-<a href="#name-status-of-this-memo" class="section-name selfRef">Status of This Memo</a>
-        </h2>
-<p id="section-boilerplate.1-1">
-        This Internet-Draft is submitted in full conformance with the
-        provisions of BCP 78 and BCP 79.<a href="#section-boilerplate.1-1" class="pilcrow">¶</a></p>
-<p id="section-boilerplate.1-2">
-        Internet-Drafts are working documents of the Internet Engineering Task
-        Force (IETF). Note that other groups may also distribute working
-        documents as Internet-Drafts. The list of current Internet-Drafts is
-        at <span><a href="https://datatracker.ietf.org/drafts/current/">https://datatracker.ietf.org/drafts/current/</a></span>.<a href="#section-boilerplate.1-2" class="pilcrow">¶</a></p>
-<p id="section-boilerplate.1-3">
-        Internet-Drafts are draft documents valid for a maximum of six months
-        and may be updated, replaced, or obsoleted by other documents at any
-        time. It is inappropriate to use Internet-Drafts as reference
-        material or to cite them other than as "work in progress."<a href="#section-boilerplate.1-3" class="pilcrow">¶</a></p>
-<p id="section-boilerplate.1-4">
-        This Internet-Draft will expire on 25 April 2024.<a href="#section-boilerplate.1-4" class="pilcrow">¶</a></p>
-</section>
-</div>
-<div id="copyright">
-<section id="section-boilerplate.2">
-        <h2 id="name-copyright-notice">
-<a href="#name-copyright-notice" class="section-name selfRef">Copyright Notice</a>
-        </h2>
-<p id="section-boilerplate.2-1">
-            Copyright (c) 2023 IETF Trust and the persons identified as the
-            document authors. All rights reserved.<a href="#section-boilerplate.2-1" class="pilcrow">¶</a></p>
-<p id="section-boilerplate.2-2">
-            This document is subject to BCP 78 and the IETF Trust's Legal
-            Provisions Relating to IETF Documents
-            (<span><a href="https://trustee.ietf.org/license-info">https://trustee.ietf.org/license-info</a></span>) in effect on the date of
-            publication of this document. Please review these documents
-            carefully, as they describe your rights and restrictions with
-            respect to this document. Code Components extracted from this
-            document must include Revised BSD License text as described in
-            Section 4.e of the Trust Legal Provisions and are provided without
-            warranty as described in the Revised BSD License.<a href="#section-boilerplate.2-2" class="pilcrow">¶</a></p>
-</section>
-</div>
-<div id="toc">
-<section id="section-toc.1">
-        <a href="#" onclick="scroll(0,0)" class="toplink">▲</a><h2 id="name-table-of-contents">
-<a href="#name-table-of-contents" class="section-name selfRef">Table of Contents</a>
-        </h2>
-<nav class="toc"><ul class="compact toc ulBare ulEmpty">
-<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.1">
-            <p id="section-toc.1-1.1.1" class="keepWithNext"><a href="#section-1" class="auto internal xref">1</a>.  <a href="#name-introduction" class="internal xref">Introduction</a></p>
-</li>
-          <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.2">
-            <p id="section-toc.1-1.2.1" class="keepWithNext"><a href="#section-2" class="auto internal xref">2</a>.  <a href="#name-conventions-and-definitions" class="internal xref">Conventions and Definitions</a></p>
-</li>
-          <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.3">
-            <p id="section-toc.1-1.3.1" class="keepWithNext"><a href="#section-3" class="auto internal xref">3</a>.  <a href="#name-algorithm-identifiers" class="internal xref">Algorithm Identifiers</a></p>
-</li>
-          <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.4">
-            <p id="section-toc.1-1.4.1"><a href="#section-4" class="auto internal xref">4</a>.  <a href="#name-candidate-tbd1" class="internal xref">Candidate TBD1</a></p>
-</li>
-          <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.5">
-            <p id="section-toc.1-1.5.1"><a href="#section-5" class="auto internal xref">5</a>.  <a href="#name-subject-public-key-fields" class="internal xref">Subject Public Key Fields</a></p>
-</li>
-          <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.6">
-            <p id="section-toc.1-1.6.1"><a href="#section-6" class="auto internal xref">6</a>.  <a href="#name-key-usage-bits" class="internal xref">Key Usage Bits</a></p>
-</li>
-          <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.7">
-            <p id="section-toc.1-1.7.1"><a href="#section-7" class="auto internal xref">7</a>.  <a href="#name-private-key-format" class="internal xref">Private Key Format</a></p>
-</li>
-          <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.8">
-            <p id="section-toc.1-1.8.1"><a href="#section-8" class="auto internal xref">8</a>.  <a href="#name-asn1-module" class="internal xref">ASN.1 Module</a></p>
-</li>
-          <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.9">
-            <p id="section-toc.1-1.9.1"><a href="#section-9" class="auto internal xref">9</a>.  <a href="#name-security-considerations" class="internal xref">Security Considerations</a></p>
-</li>
-          <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.10">
-            <p id="section-toc.1-1.10.1"><a href="#section-10" class="auto internal xref">10</a>. <a href="#name-iana-considerations" class="internal xref">IANA Considerations</a></p>
-</li>
-          <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.11">
-            <p id="section-toc.1-1.11.1"><a href="#section-11" class="auto internal xref">11</a>. <a href="#name-references" class="internal xref">References</a></p>
-<ul class="compact toc ulBare ulEmpty">
-<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.11.2.1">
-                <p id="section-toc.1-1.11.2.1.1"><a href="#section-11.1" class="auto internal xref">11.1</a>.  <a href="#name-normative-references" class="internal xref">Normative References</a></p>
-</li>
-              <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.11.2.2">
-                <p id="section-toc.1-1.11.2.2.1"><a href="#section-11.2" class="auto internal xref">11.2</a>.  <a href="#name-informative-references" class="internal xref">Informative References</a></p>
-</li>
-            </ul>
-</li>
-          <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.12">
-            <p id="section-toc.1-1.12.1"><a href="#appendix-A" class="auto internal xref"></a><a href="#name-acknowledgments" class="internal xref">Acknowledgments</a></p>
-</li>
-          <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.13">
-            <p id="section-toc.1-1.13.1"><a href="#appendix-B" class="auto internal xref"></a><a href="#name-authors-addresses" class="internal xref">Authors' Addresses</a></p>
-</li>
-        </ul>
-</nav>
-</section>
-</div>
-<div id="introduction">
-<section id="section-1">
-      <h2 id="name-introduction">
-<a href="#section-1" class="section-number selfRef">1. </a><a href="#name-introduction" class="section-name selfRef">Introduction</a>
-      </h2>
-<p id="section-1-1">The US NIST PQC Project has selected the Candidate TBD1
-algorithms as winners of their PQC Project <span>[<a href="#PQCProj" class="cite xref">PQCProj</a>]</span>. These
-algorithms are KEM algorithms. NIST has also defined object identifiers
-for these algorithms (TODO insert reference).<a href="#section-1-1" class="pilcrow">¶</a></p>
-<p id="section-1-2">This document specifies the use of the Candidate TBD1
-algorithms in X.509 public key certifiates, see <span>[<a href="#RFC5280" class="cite xref">RFC5280</a>]</span>.
-It also specifies private key encoding.
-An ASN.1 module is included for reference purposes.<a href="#section-1-2" class="pilcrow">¶</a></p>
-<p id="section-1-3">These certificates could be used as Issuers in CMS where the public key
-is used to encapsulate a shared secret used to derive a symmetric key
-used to encrypt content in CMS
-[EDNOTE: Add reference draft-perret-prat-lamps-cms-pq-kem].
-To be used in TLS, these certificates could only be used as end-entity
-identity certificates and would require significant updates to the
-protocol
-[EDNOTE: Add reference draft-celi-wiggers-tls-authkem].<a href="#section-1-3" class="pilcrow">¶</a></p>
-</section>
-</div>
-<div id="conventions-and-definitions">
-<section id="section-2">
-      <h2 id="name-conventions-and-definitions">
-<a href="#section-2" class="section-number selfRef">2. </a><a href="#name-conventions-and-definitions" class="section-name selfRef">Conventions and Definitions</a>
-      </h2>
-<p id="section-2-1">The key words "<span class="bcp14">MUST</span>", "<span class="bcp14">MUST NOT</span>", "<span class="bcp14">REQUIRED</span>", "<span class="bcp14">SHALL</span>", "<span class="bcp14">SHALL NOT</span>", "<span class="bcp14">SHOULD</span>", "<span class="bcp14">SHOULD NOT</span>", "<span class="bcp14">RECOMMENDED</span>", "<span class="bcp14">NOT RECOMMENDED</span>",
-"<span class="bcp14">MAY</span>", and "<span class="bcp14">OPTIONAL</span>" in this document are to be interpreted as
-described in BCP 14 <span>[<a href="#RFC2119" class="cite xref">RFC2119</a>]</span> <span>[<a href="#RFC8174" class="cite xref">RFC8174</a>]</span> when, and only when, they
-appear in all capitals, as shown here.<a href="#section-2-1" class="pilcrow">¶</a></p>
-</section>
-</div>
-<div id="algorithm-identifiers">
-<section id="section-3">
-      <h2 id="name-algorithm-identifiers">
-<a href="#section-3" class="section-number selfRef">3. </a><a href="#name-algorithm-identifiers" class="section-name selfRef">Algorithm Identifiers</a>
-      </h2>
-<p id="section-3-1">Certificates conforming to <span>[<a href="#RFC5280" class="cite xref">RFC5280</a>]</span> can convey a public key for any
-public key algorithm. The certificate indicates the algorithm through
-an algorithm identifier. An algorithm identifier consists of an object
-identifier and optional parameters.<a href="#section-3-1" class="pilcrow">¶</a></p>
-<p id="section-3-2">The AlgorithmIdentifier type, which is included herein for convenience,
-is defined as follows:<a href="#section-3-2" class="pilcrow">¶</a></p>
-<div class="alignLeft art-text artwork" id="section-3-3">
-<pre>
-   AlgorithmIdentifier  ::=  SEQUENCE  {
-       algorithm   OBJECT IDENTIFIER,
-       parameters  ANY DEFINED BY algorithm OPTIONAL
-   }
-</pre><a href="#section-3-3" class="pilcrow">¶</a>
-</div>
-<aside id="section-3-4">
-        <p id="section-3-4.1">NOTE: The above syntax is from <span>[<a href="#RFC5280" class="cite xref">RFC5280</a>]</span> and matches the version used
-therein, i.e., the 1988 ASN.1 syntax. See <span>[<a href="#RFC5912" class="cite xref">RFC5912</a>]</span> for ASN.1
-copmatible with the 2015 ASN.1 syntax.<a href="#section-3-4.1" class="pilcrow">¶</a></p>
-</aside>
-<p id="section-3-5">The fields in AlgorithmIdentifier have the following meanings:<a href="#section-3-5" class="pilcrow">¶</a></p>
-<ul class="normal">
-<li class="normal" id="section-3-6.1">
-          <p id="section-3-6.1.1">algorithm identifies the cryptographic algorithm with an object
-identifier. XXX such OIDs are defined in Sections <a href="#candidate-TBD1" class="auto internal xref">Section 4</a>.<a href="#section-3-6.1.1" class="pilcrow">¶</a></p>
-</li>
-        <li class="normal" id="section-3-6.2">
-          <p id="section-3-6.2.1">parameters, which are optional, are the associated parameters for
-the algorithm identifier in the algorithm field.<a href="#section-3-6.2.1" class="pilcrow">¶</a></p>
-</li>
-      </ul>
-<p id="section-3-7">In this document, TODO (specify number) new OIDs for identifying the
-different algorithm and parameter pairs. For all of the object
-identifiers, the parameters <span class="bcp14">MUST</span> be absent.<a href="#section-3-7" class="pilcrow">¶</a></p>
-<p id="section-3-8">It is possible to find systems that require the parameters to be
-present. This can be due to either a defect in the original 1997
-syntax or a programming error where developers never got input where
-this was not true. The optimal solution is to fix these systems;
-where this is not possible, the problem needs to be restricted to
-that subsystem and not propagated to the Internet.<a href="#section-3-8" class="pilcrow">¶</a></p>
-</section>
-</div>
-<div id="candidate-TBD1">
-<section id="section-4">
-      <h2 id="name-candidate-tbd1">
-<a href="#section-4" class="section-number selfRef">4. </a><a href="#name-candidate-tbd1" class="section-name selfRef">Candidate TBD1</a>
-      </h2>
-<p id="section-4-1">TODO insert object-identifiers<a href="#section-4-1" class="pilcrow">¶</a></p>
-</section>
-</div>
-<div id="subject-public-key-fields">
-<section id="section-5">
-      <h2 id="name-subject-public-key-fields">
-<a href="#section-5" class="section-number selfRef">5. </a><a href="#name-subject-public-key-fields" class="section-name selfRef">Subject Public Key Fields</a>
-      </h2>
-<p id="section-5-1">In the X.509 certificate, the subjectPublicKeyInfo field has the
-SubjectPublicKeyInfo type, which has the following ASN.1 syntax:<a href="#section-5-1" class="pilcrow">¶</a></p>
-<div class="alignLeft art-text artwork" id="section-5-2">
-<pre>
-  SubjectPublicKeyInfo  ::=  SEQUENCE  {
-      algorithm         AlgorithmIdentifier,
-      subjectPublicKey  BIT STRING
-  }
-</pre><a href="#section-5-2" class="pilcrow">¶</a>
-</div>
-<aside id="section-5-3">
-        <p id="section-5-3.1">NOTE: The above syntax is from <span>[<a href="#RFC5280" class="cite xref">RFC5280</a>]</span> and matches the version used
-therein, i.e., the 1988 ASN.1 syntax. See <span>[<a href="#RFC5912" class="cite xref">RFC5912</a>]</span> for ASN.1
-copmatible with the 2015 ASN.1 syntax.<a href="#section-5-3.1" class="pilcrow">¶</a></p>
-</aside>
-<p id="section-5-4">The fields in SubjectPublicKeyInfo have the following meanings:<a href="#section-5-4" class="pilcrow">¶</a></p>
-<ul class="normal">
-<li class="normal" id="section-5-5.1">
-          <p id="section-5-5.1.1">algorithm is the algorithm identifier and parameters for the
-public key (see above).<a href="#section-5-5.1.1" class="pilcrow">¶</a></p>
-</li>
-        <li class="normal" id="section-5-5.2">
-          <p id="section-5-5.2.1">subjectPublicKey contains the byte stream of the public key.  The
-algorithms defined in this document always encode the public key
-as TODO pick format e.g., exact multiple of 8 bits?.<a href="#section-5-5.2.1" class="pilcrow">¶</a></p>
-</li>
-      </ul>
-<p id="section-5-6">The following is an example of a TBD public key encoded using the
-textual encoding defined in <span>[<a href="#RFC7468" class="cite xref">RFC7468</a>]</span>.<a href="#section-5-6" class="pilcrow">¶</a></p>
-<div class="alignLeft art-text artwork" id="section-5-7">
-<pre>
-  -----BEGIN PUBLIC KEY-----
-  TODO insert example public key
-  -----END PUBLIC KEY-------
-</pre><a href="#section-5-7" class="pilcrow">¶</a>
-</div>
-</section>
-</div>
-<div id="key-usage-bits">
-<section id="section-6">
-      <h2 id="name-key-usage-bits">
-<a href="#section-6" class="section-number selfRef">6. </a><a href="#name-key-usage-bits" class="section-name selfRef">Key Usage Bits</a>
-      </h2>
-<p id="section-6-1">The intended application for the key is indicated in the keyUsage
-certificate extension; see <span><a href="https://rfc-editor.org/rfc/rfc5280#section-4.2.1.3" class="relref">Section 4.2.1.3</a> of [<a href="#RFC5280" class="cite xref">RFC5280</a>]</span>.<a href="#section-6-1" class="pilcrow">¶</a></p>
-<p id="section-6-2">If the keyUsage extension is present in a certificate that indicates
-Candidate TBD1 in SubjectPublicKeyInfo, then the following
-<span class="bcp14">MUST</span> be present:<a href="#section-6-2" class="pilcrow">¶</a></p>
-<div class="alignLeft art-text artwork" id="section-6-3">
-<pre>
-  keyEncipherment;
-</pre><a href="#section-6-3" class="pilcrow">¶</a>
-</div>
-</section>
-</div>
-<div id="private-key-format">
-<section id="section-7">
-      <h2 id="name-private-key-format">
-<a href="#section-7" class="section-number selfRef">7. </a><a href="#name-private-key-format" class="section-name selfRef">Private Key Format</a>
-      </h2>
-<p id="section-7-1">"Asymmetric Key Packages" <span>[<a href="#RFC5958" class="cite xref">RFC5958</a>]</span> describes how to encode a private
-key in a structure that both identifies what algorithm the private key
-is for and allows for the public key and additional attributes about the
-key to be included as well. For illustration, the ASN.1 structure
-OneAsymmetricKey is replicated below. The algorithm-specific details of
-how a private key is encoded are left for the document describing the
-algorithm itself.<a href="#section-7-1" class="pilcrow">¶</a></p>
-<div class="alignLeft art-text artwork" id="section-7-2">
-<pre>
-  OneAsymmetricKey ::= SEQUENCE {
-      version                  Version,
-      privateKeyAlgorithm      PrivateKeyAlgorithmIdentifier,
-      privateKey               PrivateKey,
-      attributes           [0] IMPLICIT Attributes OPTIONAL,
-      ...,
-      [[2: publicKey       [1] IMPLICIT PublicKey OPTIONAL ]],
-      ...
-  }
-
-  PrivateKey ::= OCTET STRING
-
-  PublicKey ::= BIT STRING
-</pre><a href="#section-7-2" class="pilcrow">¶</a>
-</div>
-<aside id="section-7-3">
-        <p id="section-7-3.1">NOTE: The above syntax is from <span>[<a href="#RFC5958" class="cite xref">RFC5958</a>]</span> and matches the version used
-therein, i.e., the 2002 ASN.1 syntax. The syntax used therein is
-compatible with the 2015 ASN.1 syntax.<a href="#section-7-3.1" class="pilcrow">¶</a></p>
-</aside>
-<p id="section-7-4">For the keys defined in this document, the private key is always an
-opaque byte sequence. The ASN.1 type PqckemPrivateKey is defined in
-this document to hold the byte sequence. Thus, when encoding a
-OneAsymmetricKey object, the private key is wrapped in a
-PqckemPrivateKey object and wrapped by the OCTET STRING of the
-"privateKey" field.<a href="#section-7-4" class="pilcrow">¶</a></p>
-<div class="alignLeft art-text artwork" id="section-7-5">
-<pre>
-  PqckemPrivateKey ::= OCTET STRING
-</pre><a href="#section-7-5" class="pilcrow">¶</a>
-</div>
-<p id="section-7-6">The following is an example of a TBD private key encoded using the
-textual encoding defined in <span>[<a href="#RFC7468" class="cite xref">RFC7468</a>]</span>.<a href="#section-7-6" class="pilcrow">¶</a></p>
-<div class="alignLeft art-text artwork" id="section-7-7">
-<pre>
-  -----BEGIN PRIVATE KEY-----
-  TODO iser example private key
-  -----END PRIVATE KEY-------
-</pre><a href="#section-7-7" class="pilcrow">¶</a>
-</div>
-<p id="section-7-8">The following example, in addition to encoding the TBD private key,
-has an attribute included as well as the public key. As with the
-prior example, the textual encoding defined in <span>[<a href="#RFC7468" class="cite xref">RFC7468</a>]</span> is used.<a href="#section-7-8" class="pilcrow">¶</a></p>
-<div class="alignLeft art-text artwork" id="section-7-9">
-<pre>
-  -----BEGIN PRIVATE KEY-----
-  TODO insert example private key with attribute
-  -----END PRIVATE KEY-------
-</pre><a href="#section-7-9" class="pilcrow">¶</a>
-</div>
-<aside id="section-7-10">
-        <p id="section-7-10.1">NOTE: There exist some private key import functions that have not
-implemented the new ASN.1 structure OneAsymmetricKey that is defined in
-<span>[<a href="#RFC5958" class="cite xref">RFC5958</a>]</span>. This means that they will not accept a private key
-structure that contains the public key field.  This means a balancing
-act needs to be done between being able to do a consistency check on the
-key pair and widest ability to import the key.<a href="#section-7-10.1" class="pilcrow">¶</a></p>
-</aside>
-</section>
-</div>
-<div id="asn1-module">
-<section id="section-8">
-      <h2 id="name-asn1-module">
-<a href="#section-8" class="section-number selfRef">8. </a><a href="#name-asn1-module" class="section-name selfRef">ASN.1 Module</a>
-      </h2>
-<p id="section-8-1">TODO ASN.1 Module<a href="#section-8-1" class="pilcrow">¶</a></p>
-</section>
-</div>
-<div id="security-considerations">
-<section id="section-9">
-      <h2 id="name-security-considerations">
-<a href="#section-9" class="section-number selfRef">9. </a><a href="#name-security-considerations" class="section-name selfRef">Security Considerations</a>
-      </h2>
-<p id="section-9-1">The Security Considerations section of <span>[<a href="#RFC5280" class="cite xref">RFC5280</a>]</span> applies to this specification as well.<a href="#section-9-1" class="pilcrow">¶</a></p>
-<p id="section-9-2">[EDNOTE: Discuss side-channels for Candidate TBD1.]<a href="#section-9-2" class="pilcrow">¶</a></p>
-</section>
-</div>
-<div id="iana-considerations">
-<section id="section-10">
-      <h2 id="name-iana-considerations">
-<a href="#section-10" class="section-number selfRef">10. </a><a href="#name-iana-considerations" class="section-name selfRef">IANA Considerations</a>
-      </h2>
-<p id="section-10-1">This document will have some IANA actions.<a href="#section-10-1" class="pilcrow">¶</a></p>
-</section>
-</div>
-<section id="section-11">
-      <h2 id="name-references">
-<a href="#section-11" class="section-number selfRef">11. </a><a href="#name-references" class="section-name selfRef">References</a>
-      </h2>
-<div id="sec-normative-references">
-<section id="section-11.1">
-        <h3 id="name-normative-references">
-<a href="#section-11.1" class="section-number selfRef">11.1. </a><a href="#name-normative-references" class="section-name selfRef">Normative References</a>
-        </h3>
-<dl class="references">
-<dt id="RFC2119">[RFC2119]</dt>
-        <dd>
-<span class="refAuthor">Bradner, S.</span>, <span class="refTitle">"Key words for use in RFCs to Indicate Requirement Levels"</span>, <span class="seriesInfo">BCP 14</span>, <span class="seriesInfo">RFC 2119</span>, <span class="seriesInfo">DOI 10.17487/RFC2119</span>, <time datetime="1997-03" class="refDate">March 1997</time>, <span>&lt;<a href="https://www.rfc-editor.org/rfc/rfc2119">https://www.rfc-editor.org/rfc/rfc2119</a>&gt;</span>. </dd>
-<dd class="break"></dd>
-<dt id="RFC5280">[RFC5280]</dt>
-        <dd>
-<span class="refAuthor">Cooper, D.</span>, <span class="refAuthor">Santesson, S.</span>, <span class="refAuthor">Farrell, S.</span>, <span class="refAuthor">Boeyen, S.</span>, <span class="refAuthor">Housley, R.</span>, and <span class="refAuthor">W. Polk</span>, <span class="refTitle">"Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile"</span>, <span class="seriesInfo">RFC 5280</span>, <span class="seriesInfo">DOI 10.17487/RFC5280</span>, <time datetime="2008-05" class="refDate">May 2008</time>, <span>&lt;<a href="https://www.rfc-editor.org/rfc/rfc5280">https://www.rfc-editor.org/rfc/rfc5280</a>&gt;</span>. </dd>
-<dd class="break"></dd>
-<dt id="RFC5912">[RFC5912]</dt>
-        <dd>
-<span class="refAuthor">Hoffman, P.</span> and <span class="refAuthor">J. Schaad</span>, <span class="refTitle">"New ASN.1 Modules for the Public Key Infrastructure Using X.509 (PKIX)"</span>, <span class="seriesInfo">RFC 5912</span>, <span class="seriesInfo">DOI 10.17487/RFC5912</span>, <time datetime="2010-06" class="refDate">June 2010</time>, <span>&lt;<a href="https://www.rfc-editor.org/rfc/rfc5912">https://www.rfc-editor.org/rfc/rfc5912</a>&gt;</span>. </dd>
-<dd class="break"></dd>
-<dt id="RFC5958">[RFC5958]</dt>
-        <dd>
-<span class="refAuthor">Turner, S.</span>, <span class="refTitle">"Asymmetric Key Packages"</span>, <span class="seriesInfo">RFC 5958</span>, <span class="seriesInfo">DOI 10.17487/RFC5958</span>, <time datetime="2010-08" class="refDate">August 2010</time>, <span>&lt;<a href="https://www.rfc-editor.org/rfc/rfc5958">https://www.rfc-editor.org/rfc/rfc5958</a>&gt;</span>. </dd>
-<dd class="break"></dd>
-<dt id="RFC8174">[RFC8174]</dt>
-      <dd>
-<span class="refAuthor">Leiba, B.</span>, <span class="refTitle">"Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words"</span>, <span class="seriesInfo">BCP 14</span>, <span class="seriesInfo">RFC 8174</span>, <span class="seriesInfo">DOI 10.17487/RFC8174</span>, <time datetime="2017-05" class="refDate">May 2017</time>, <span>&lt;<a href="https://www.rfc-editor.org/rfc/rfc8174">https://www.rfc-editor.org/rfc/rfc8174</a>&gt;</span>. </dd>
-<dd class="break"></dd>
-</dl>
-</section>
-</div>
-<div id="sec-informative-references">
-<section id="section-11.2">
-        <h3 id="name-informative-references">
-<a href="#section-11.2" class="section-number selfRef">11.2. </a><a href="#name-informative-references" class="section-name selfRef">Informative References</a>
-        </h3>
-<dl class="references">
-<dt id="PQCProj">[PQCProj]</dt>
-        <dd>
-<span class="refAuthor">National Institute of Standards and Technology</span>, <span class="refTitle">"Post-Quantum Cryptography Project"</span>, <time datetime="2016-12-20" class="refDate">20 December 2016</time>, <span>&lt;<a href="https://csrc.nist.gov/projects/post-quantum-cryptography">https://csrc.nist.gov/projects/post-quantum-cryptography</a>&gt;</span>. </dd>
-<dd class="break"></dd>
-<dt id="RFC7468">[RFC7468]</dt>
-      <dd>
-<span class="refAuthor">Josefsson, S.</span> and <span class="refAuthor">S. Leonard</span>, <span class="refTitle">"Textual Encodings of PKIX, PKCS, and CMS Structures"</span>, <span class="seriesInfo">RFC 7468</span>, <span class="seriesInfo">DOI 10.17487/RFC7468</span>, <time datetime="2015-04" class="refDate">April 2015</time>, <span>&lt;<a href="https://www.rfc-editor.org/rfc/rfc7468">https://www.rfc-editor.org/rfc/rfc7468</a>&gt;</span>. </dd>
-<dd class="break"></dd>
-</dl>
-</section>
-</div>
-</section>
-<div id="acknowledgments">
-<section id="appendix-A">
-      <h2 id="name-acknowledgments">
-<a href="#name-acknowledgments" class="section-name selfRef">Acknowledgments</a>
-      </h2>
-<p id="appendix-A-1">TODO acknowledge.<a href="#appendix-A-1" class="pilcrow">¶</a></p>
-</section>
-</div>
-<div id="authors-addresses">
-<section id="appendix-B">
-      <h2 id="name-authors-addresses">
-<a href="#name-authors-addresses" class="section-name selfRef">Authors' Addresses</a>
-      </h2>
-<address class="vcard">
-        <div dir="auto" class="left"><span class="fn nameRole">Sean Turner</span></div>
-<div dir="auto" class="left"><span class="org">sn3rd</span></div>
-<div class="email">
-<span>Email:</span>
-<a href="mailto:sean@sn3rd.com" class="email">sean@sn3rd.com</a>
-</div>
-</address>
-<address class="vcard">
-        <div dir="auto" class="left"><span class="fn nameRole">Panos Kampanakis</span></div>
-<div dir="auto" class="left"><span class="org">AWS</span></div>
-<div class="email">
-<span>Email:</span>
-<a href="mailto:kpanos@amazon.com" class="email">kpanos@amazon.com</a>
-</div>
-</address>
-<address class="vcard">
-        <div dir="auto" class="left"><span class="fn nameRole">Jake Massimo</span></div>
-<div dir="auto" class="left"><span class="org">AWS</span></div>
-<div class="email">
-<span>Email:</span>
-<a href="mailto:jakemas@amazon.com" class="email">jakemas@amazon.com</a>
-</div>
-</address>
-<address class="vcard">
-        <div dir="auto" class="left"><span class="fn nameRole">Bas Westerbaan</span></div>
-<div dir="auto" class="left"><span class="org">Cloudflare</span></div>
-<div class="email">
-<span>Email:</span>
-<a href="mailto:bas@westerbaan.name" class="email">bas@westerbaan.name</a>
-</div>
-</address>
-</section>
-</div>
-<script>const toc = document.getElementById("toc");
-toc.querySelector("h2").addEventListener("click", e => {
-  toc.classList.toggle("active");
-});
-toc.querySelector("nav").addEventListener("click", e => {
-  toc.classList.remove("active");
-});
-</script>
-</body>
-</html>
diff --git a/seanturner-asides/draft-turner-lamps-nist-pqc-kem-certificates.txt b/seanturner-asides/draft-turner-lamps-nist-pqc-kem-certificates.txt
deleted file mode 100644
index 8ecd08c..0000000
--- a/seanturner-asides/draft-turner-lamps-nist-pqc-kem-certificates.txt
+++ /dev/null
@@ -1,354 +0,0 @@
-
-
-
-
-None                                                           S. Turner
-Internet-Draft                                                     sn3rd
-Intended status: Standards Track                           P. Kampanakis
-Expires: 25 April 2024                                        J. Massimo
-                                                                     AWS
-                                                           B. Westerbaan
-                                                              Cloudflare
-                                                         23 October 2023
-
-
-Algorithm Identifiers for NIST's PQC Algorithms for Use in the Internet
-                    X.509 Public Key Infrastructure
-          draft-turner-lamps-nist-pqc-kem-certificates-latest
-
-Abstract
-
-   This document specifies algorithm identifiers and ASN.1 encoding
-   format for the US NIST's PQC KEM (United States National Institute of
-   Standards and Technology's Post Quantum Cryptography Key
-   Encapsulation Mechanism) algorithms.  The algorithms covered are
-   Candidate TBD1.  The encoding for public key and private key is also
-   provided.
-
-   [EDNOTE: This draft is not expected to be finalized before the NIST
-   PQC Project has standardized PQ algorithms.  After NIST has
-   standardized its first algorithms, this document will replace TBD,
-   with the appropriate algorithms and parameters before proceeding to
-   ratification.  The algorithm Candidate TBD1 has been added as an
-   example in this draft, to provide a more detailed illustration of the
-   content - it by no means indicates its inclusion in the final
-   version.  This specification will use object identifiers for the new
-   algorithms that are assigned by NIST, and will use placeholders until
-   these are released.]
-
-About This Document
-
-   This note is to be removed before publishing as an RFC.
-
-   Status information for this document may be found at
-   https://datatracker.ietf.org/doc/draft-turner-lamps-nist-pqc-kem-
-   certificates/.
-
-   Discussion of this document takes place on the Limited Additional
-   Mechanisms for PKIX and SMIME (lamps) Working Group mailing list
-   (mailto:spasm@ietf.org), which is archived at
-   https://mailarchive.ietf.org/arch/browse/spasm/.  Subscribe at
-   https://www.ietf.org/mailman/listinfo/spasm/.
-
-   Source for this draft and an issue tracker can be found at
-   https://github.com/seanturner/draft-turner-lamps-nist-pqc-kem-
-   certificates.
-
-Status of This Memo
-
-   This Internet-Draft is submitted in full conformance with the
-   provisions of BCP 78 and BCP 79.
-
-   Internet-Drafts are working documents of the Internet Engineering
-   Task Force (IETF).  Note that other groups may also distribute
-   working documents as Internet-Drafts.  The list of current Internet-
-   Drafts is at https://datatracker.ietf.org/drafts/current/.
-
-   Internet-Drafts are draft documents valid for a maximum of six months
-   and may be updated, replaced, or obsoleted by other documents at any
-   time.  It is inappropriate to use Internet-Drafts as reference
-   material or to cite them other than as "work in progress."
-
-   This Internet-Draft will expire on 25 April 2024.
-
-Copyright Notice
-
-   Copyright (c) 2023 IETF Trust and the persons identified as the
-   document authors.  All rights reserved.
-
-   This document is subject to BCP 78 and the IETF Trust's Legal
-   Provisions Relating to IETF Documents (https://trustee.ietf.org/
-   license-info) in effect on the date of publication of this document.
-   Please review these documents carefully, as they describe your rights
-   and restrictions with respect to this document.  Code Components
-   extracted from this document must include Revised BSD License text as
-   described in Section 4.e of the Trust Legal Provisions and are
-   provided without warranty as described in the Revised BSD License.
-
-Table of Contents
-
-   1.  Introduction
-   2.  Conventions and Definitions
-   3.  Algorithm Identifiers
-   4.  Candidate TBD1
-   5.  Subject Public Key Fields
-   6.  Key Usage Bits
-   7.  Private Key Format
-   8.  ASN.1 Module
-   9.  Security Considerations
-   10. IANA Considerations
-   11. References
-     11.1.  Normative References
-     11.2.  Informative References
-   Acknowledgments
-   Authors' Addresses
-
-1.  Introduction
-
-   The US NIST PQC Project has selected the Candidate TBD1 algorithms as
-   winners of their PQC Project [PQCProj].  These algorithms are KEM
-   algorithms.  NIST has also defined object identifiers for these
-   algorithms (TODO insert reference).
-
-   This document specifies the use of the Candidate TBD1 algorithms in
-   X.509 public key certifiates, see [RFC5280].  It also specifies
-   private key encoding.  An ASN.1 module is included for reference
-   purposes.
-
-   These certificates could be used as Issuers in CMS where the public
-   key is used to encapsulate a shared secret used to derive a symmetric
-   key used to encrypt content in CMS [EDNOTE: Add reference draft-
-   perret-prat-lamps-cms-pq-kem].  To be used in TLS, these certificates
-   could only be used as end-entity identity certificates and would
-   require significant updates to the protocol [EDNOTE: Add reference
-   draft-celi-wiggers-tls-authkem].
-
-2.  Conventions and Definitions
-
-   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
-   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
-   "OPTIONAL" in this document are to be interpreted as described in
-   BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
-   capitals, as shown here.
-
-3.  Algorithm Identifiers
-
-   Certificates conforming to [RFC5280] can convey a public key for any
-   public key algorithm.  The certificate indicates the algorithm
-   through an algorithm identifier.  An algorithm identifier consists of
-   an object identifier and optional parameters.
-
-   The AlgorithmIdentifier type, which is included herein for
-   convenience, is defined as follows:
-
-      AlgorithmIdentifier  ::=  SEQUENCE  {
-          algorithm   OBJECT IDENTIFIER,
-          parameters  ANY DEFINED BY algorithm OPTIONAL
-      }
-
-      |  NOTE: The above syntax is from [RFC5280] and matches the
-      |  version used therein, i.e., the 1988 ASN.1 syntax.  See
-      |  [RFC5912] for ASN.1 copmatible with the 2015 ASN.1 syntax.
-
-   The fields in AlgorithmIdentifier have the following meanings:
-
-   *  algorithm identifies the cryptographic algorithm with an object
-      identifier.  XXX such OIDs are defined in Sections Section 4.
-
-   *  parameters, which are optional, are the associated parameters for
-      the algorithm identifier in the algorithm field.
-
-   In this document, TODO (specify number) new OIDs for identifying the
-   different algorithm and parameter pairs.  For all of the object
-   identifiers, the parameters MUST be absent.
-
-   It is possible to find systems that require the parameters to be
-   present.  This can be due to either a defect in the original 1997
-   syntax or a programming error where developers never got input where
-   this was not true.  The optimal solution is to fix these systems;
-   where this is not possible, the problem needs to be restricted to
-   that subsystem and not propagated to the Internet.
-
-4.  Candidate TBD1
-
-   TODO insert object-identifiers
-
-5.  Subject Public Key Fields
-
-   In the X.509 certificate, the subjectPublicKeyInfo field has the
-   SubjectPublicKeyInfo type, which has the following ASN.1 syntax:
-
-     SubjectPublicKeyInfo  ::=  SEQUENCE  {
-         algorithm         AlgorithmIdentifier,
-         subjectPublicKey  BIT STRING
-     }
-
-      |  NOTE: The above syntax is from [RFC5280] and matches the
-      |  version used therein, i.e., the 1988 ASN.1 syntax.  See
-      |  [RFC5912] for ASN.1 copmatible with the 2015 ASN.1 syntax.
-
-   The fields in SubjectPublicKeyInfo have the following meanings:
-
-   *  algorithm is the algorithm identifier and parameters for the
-      public key (see above).
-
-   *  subjectPublicKey contains the byte stream of the public key.  The
-      algorithms defined in this document always encode the public key
-      as TODO pick format e.g., exact multiple of 8 bits?.
-
-   The following is an example of a TBD public key encoded using the
-   textual encoding defined in [RFC7468].
-
-     -----BEGIN PUBLIC KEY-----
-     TODO insert example public key
-     -----END PUBLIC KEY-------
-
-6.  Key Usage Bits
-
-   The intended application for the key is indicated in the keyUsage
-   certificate extension; see Section 4.2.1.3 of [RFC5280].
-
-   If the keyUsage extension is present in a certificate that indicates
-   Candidate TBD1 in SubjectPublicKeyInfo, then the following MUST be
-   present:
-
-     keyEncipherment;
-
-7.  Private Key Format
-
-   "Asymmetric Key Packages" [RFC5958] describes how to encode a private
-   key in a structure that both identifies what algorithm the private
-   key is for and allows for the public key and additional attributes
-   about the key to be included as well.  For illustration, the ASN.1
-   structure OneAsymmetricKey is replicated below.  The algorithm-
-   specific details of how a private key is encoded are left for the
-   document describing the algorithm itself.
-
-     OneAsymmetricKey ::= SEQUENCE {
-         version                  Version,
-         privateKeyAlgorithm      PrivateKeyAlgorithmIdentifier,
-         privateKey               PrivateKey,
-         attributes           [0] IMPLICIT Attributes OPTIONAL,
-         ...,
-         [[2: publicKey       [1] IMPLICIT PublicKey OPTIONAL ]],
-         ...
-     }
-
-     PrivateKey ::= OCTET STRING
-
-     PublicKey ::= BIT STRING
-
-      |  NOTE: The above syntax is from [RFC5958] and matches the
-      |  version used therein, i.e., the 2002 ASN.1 syntax.  The syntax
-      |  used therein is compatible with the 2015 ASN.1 syntax.
-
-   For the keys defined in this document, the private key is always an
-   opaque byte sequence.  The ASN.1 type PqckemPrivateKey is defined in
-   this document to hold the byte sequence.  Thus, when encoding a
-   OneAsymmetricKey object, the private key is wrapped in a
-   PqckemPrivateKey object and wrapped by the OCTET STRING of the
-   "privateKey" field.
-
-     PqckemPrivateKey ::= OCTET STRING
-
-   The following is an example of a TBD private key encoded using the
-   textual encoding defined in [RFC7468].
-
-     -----BEGIN PRIVATE KEY-----
-     TODO iser example private key
-     -----END PRIVATE KEY-------
-
-   The following example, in addition to encoding the TBD private key,
-   has an attribute included as well as the public key.  As with the
-   prior example, the textual encoding defined in [RFC7468] is used.
-
-     -----BEGIN PRIVATE KEY-----
-     TODO insert example private key with attribute
-     -----END PRIVATE KEY-------
-
-      |  NOTE: There exist some private key import functions that have
-      |  not implemented the new ASN.1 structure OneAsymmetricKey that
-      |  is defined in [RFC5958].  This means that they will not accept
-      |  a private key structure that contains the public key field.
-      |  This means a balancing act needs to be done between being able
-      |  to do a consistency check on the key pair and widest ability to
-      |  import the key.
-
-8.  ASN.1 Module
-
-   TODO ASN.1 Module
-
-9.  Security Considerations
-
-   The Security Considerations section of [RFC5280] applies to this
-   specification as well.
-
-   [EDNOTE: Discuss side-channels for Candidate TBD1.]
-
-10.  IANA Considerations
-
-   This document will have some IANA actions.
-
-11.  References
-
-11.1.  Normative References
-
-   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
-              Requirement Levels", BCP 14, RFC 2119,
-              DOI 10.17487/RFC2119, March 1997,
-              <https://www.rfc-editor.org/rfc/rfc2119>.
-
-   [RFC5280]  Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
-              Housley, R., and W. Polk, "Internet X.509 Public Key
-              Infrastructure Certificate and Certificate Revocation List
-              (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008,
-              <https://www.rfc-editor.org/rfc/rfc5280>.
-
-   [RFC5912]  Hoffman, P. and J. Schaad, "New ASN.1 Modules for the
-              Public Key Infrastructure Using X.509 (PKIX)", RFC 5912,
-              DOI 10.17487/RFC5912, June 2010,
-              <https://www.rfc-editor.org/rfc/rfc5912>.
-
-   [RFC5958]  Turner, S., "Asymmetric Key Packages", RFC 5958,
-              DOI 10.17487/RFC5958, August 2010,
-              <https://www.rfc-editor.org/rfc/rfc5958>.
-
-   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
-              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
-              May 2017, <https://www.rfc-editor.org/rfc/rfc8174>.
-
-11.2.  Informative References
-
-   [PQCProj]  National Institute of Standards and Technology, "Post-
-              Quantum Cryptography Project", 20 December 2016,
-              <https://csrc.nist.gov/projects/post-quantum-
-              cryptography>.
-
-   [RFC7468]  Josefsson, S. and S. Leonard, "Textual Encodings of PKIX,
-              PKCS, and CMS Structures", RFC 7468, DOI 10.17487/RFC7468,
-              April 2015, <https://www.rfc-editor.org/rfc/rfc7468>.
-
-Acknowledgments
-
-   TODO acknowledge.
-
-Authors' Addresses
-
-   Sean Turner
-   sn3rd
-   Email: sean@sn3rd.com
-
-
-   Panos Kampanakis
-   AWS
-   Email: kpanos@amazon.com
-
-
-   Jake Massimo
-   AWS
-   Email: jakemas@amazon.com
-
-
-   Bas Westerbaan
-   Cloudflare
-   Email: bas@westerbaan.name
diff --git a/seanturner-asides/index.html b/seanturner-asides/index.html
deleted file mode 100644
index 675ac79..0000000
--- a/seanturner-asides/index.html
+++ /dev/null
@@ -1,50 +0,0 @@
-<!DOCTYPE html>
-<html>
-  <head>
-    <title>lamps-wg/kyber-certificates seanturner-asides preview</title>
-    <meta name="viewport" content="initial-scale=1.0">
-    <style type="text/css">/*<![CDATA[*/
-      body { font-family: "Helvetica Neue","Open Sans", Helvetica, Calibri,sans-serif; }
-      h1, h2, td { font-family: "Helvetica Neue", "Roboto Condensed", "Open Sans", Helvetica, Calibri, sans-serif; }
-      h1 { font-size: 20px; } h2 { font-size: 16px; }
-      table { margin: 5px 10px; border-collapse: collapse; }
-      th, td { font-weight: normal; text-align: left; padding: 2px 5px; }
-      a:link { color: #000; } a:visited { color: #00a; }
-    /*]]>*/</style>
-  </head>
-  <body>
-    <h1>Editor's drafts for seanturner-asides branch of <a href="https://github.com/lamps-wg/kyber-certificates/tree/seanturner-asides">lamps-wg/kyber-certificates</a></h1>
-    <table id="branch-seanturner-asides">
-      <tr>
-        <td><a href="./draft-ietf-lamps-kyber-certificates.html" class="html draft-ietf-lamps-kyber-certificates" title="Internet X.509 Public Key Infrastructure - Algorithm Identifiers for Kyber (HTML)">PQC Kyber in Certificates</a></td>
-        <td><a href="./draft-ietf-lamps-kyber-certificates.txt" class="txt draft-ietf-lamps-kyber-certificates" title="Internet X.509 Public Key Infrastructure - Algorithm Identifiers for Kyber (Text)">plain text</a></td>
-        <td>same as main</td>
-      </tr>
-      <tr>
-        <td><a href="./draft-turner-lamps-nist-pqc-kem-certificates.html" class="html draft-turner-lamps-nist-pqc-kem-certificates" title="Algorithm Identifiers for NIST's PQC Algorithms for Use in the Internet X.509 Public Key Infrastructure (HTML)">PQC KEM for Certificates</a></td>
-        <td><a href="./draft-turner-lamps-nist-pqc-kem-certificates.txt" class="txt draft-turner-lamps-nist-pqc-kem-certificates" title="Algorithm Identifiers for NIST's PQC Algorithms for Use in the Internet X.509 Public Key Infrastructure (Text)">plain text</a></td>
-        <td>same as main</td>
-      </tr>
-    </table>
-    <script>
-window.onload = function() {
-  var referrer_branch = 'main';
-  // e.g., "https://github.com/user/repo/tree/main"
-  var chunks = document.referrer.split("/");
-  if (chunks[2] === 'github.com' && chunks[5] === 'tree') {
-    referrer_branch = chunks[6];
-  }
-  let branch = document.querySelector('#branch-' + referrer_branch);
-  let h = document.location.hash.substring(1);
-  if (h === 'show') {
-    document.location.hash = '#' + branch.id;
-  } else if (branch && h.startsWith('go')) {
-    let e = branch.querySelector(h.substring(2));
-    if (e && e.href) {
-      document.location = e.href;
-    }
-  }
-};
-    </script>
-  </body>
-</html>
diff --git a/seanturner-md-fix/draft-ietf-lamps-kyber-certificates.html b/seanturner-md-fix/draft-ietf-lamps-kyber-certificates.html
deleted file mode 100644
index 7f2ad24..0000000
--- a/seanturner-md-fix/draft-ietf-lamps-kyber-certificates.html
+++ /dev/null
@@ -1,1635 +0,0 @@
-<!DOCTYPE html>
-<html lang="en" class="Internet-Draft">
-<head>
-<meta charset="utf-8">
-<meta content="Common,Latin" name="scripts">
-<meta content="initial-scale=1.0" name="viewport">
-<title>Internet X.509 Public Key Infrastructure - Algorithm Identifiers for Kyber</title>
-<meta content="Sean Turner" name="author">
-<meta content="Panos Kampanakis" name="author">
-<meta content="Jake Massimo" name="author">
-<meta content="Bas Westerbaan" name="author">
-<meta content="
-       Kyber is a key-encapsulation mechanism (KEM). This document specifies
-algorithm identifiers and ASN.1 encoding format for Kyber in public
-key certificates. The encoding for public and private keys are also
-provided. 
-       [EDNOTE:
-This document is not expected to be finalized before the NIST PQC
-Project has standardized PQ algorithms. This specification will use
-object identifiers for the new algorithms that are assigned by NIST,
-and will use placeholders until these are released.] 
-    " name="description">
-<meta content="xml2rfc 3.18.2" name="generator">
-<meta content="Kyber KEM Certificate X.509 PKIX" name="keyword">
-<meta content="draft-ietf-lamps-kyber-certificates-latest" name="ietf.draft">
-<!-- Generator version information:
-  xml2rfc 3.18.2
-    Python 3.11.6
-    ConfigArgParse 1.5.3
-    google-i18n-address 3.1.0
-    intervaltree 3.1.0
-    Jinja2 3.1.2
-    lxml 4.9.3
-    platformdirs 3.11.0
-    pycountry 22.3.5
-    PyYAML 6.0
-    requests 2.31.0
-    setuptools 67.7.2
-    six 1.16.0
-    wcwidth 0.2.9
--->
-<link href="draft-ietf-lamps-kyber-certificates.xml" rel="alternate" type="application/rfc+xml">
-<link href="#copyright" rel="license">
-<style type="text/css">@font-face {
-  font-family: 'Lora';
-  font-style: italic;
-  font-weight: 400;
-  font-display: swap;
-  src: local('Lora Italic'), local('Lora-Italic'), url('https://martinthomson.github.io/rfc-css/fonts/lora-italic-cyrillic-ext.woff2') format('woff2');
-  unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;
-}
-@font-face {
-  font-family: 'Lora';
-  font-style: italic;
-  font-weight: 400;
-  font-display: swap;
-  src: local('Lora Italic'), local('Lora-Italic'), url('https://martinthomson.github.io/rfc-css/fonts/lora-italic-cyrillic-ext.woff2') format('woff2');
-  unicode-range: U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;
-}
-@font-face {
-  font-family: 'Lora';
-  font-style: italic;
-  font-weight: 400;
-  font-display: swap;
-  src: local('Lora Italic'), local('Lora-Italic'), url('https://martinthomson.github.io/rfc-css/fonts/lora-italic-vietnamese.woff2') format('woff2');
-  unicode-range: U+0102-0103, U+0110-0111, U+1EA0-1EF9, U+20AB;
-}
-@font-face {
-  font-family: 'Lora';
-  font-style: italic;
-  font-weight: 400;
-  font-display: swap;
-  src: local('Lora Italic'), local('Lora-Italic'), url('https://martinthomson.github.io/rfc-css/fonts/lora-italic-latin-ext.woff2') format('woff2');
-  unicode-range: U+0100-024F, U+0259, U+1E00-1EFF, U+2020, U+20A0-20AB, U+20AD-20CF, U+2113, U+2C60-2C7F, U+A720-A7FF;
-}
-
-@font-face {
-  font-family: 'Lora';
-  font-style: italic;
-  font-weight: 400;
-  font-display: swap;
-  src: local('Lora Italic'), local('Lora-Italic'), url('https://martinthomson.github.io/rfc-css/fonts/lora-italic-latin.woff2') format('woff2');
-  unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;
-}
-@font-face {
-  font-family: 'Lora';
-  font-style: normal;
-  font-weight: 400;
-  font-display: swap;
-  src: local('Lora Regular'), local('Lora-Regular'), url('https://martinthomson.github.io/rfc-css/fonts/lora-regular-cyrillic-ext.woff2') format('woff2');
-  unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;
-}
-@font-face {
-  font-family: 'Lora';
-  font-style: normal;
-  font-weight: 400;
-  font-display: swap;
-  src: local('Lora Regular'), local('Lora-Regular'), url('https://martinthomson.github.io/rfc-css/fonts/lora-regular-cyrillic.woff2') format('woff2');
-  unicode-range: U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;
-}
-@font-face {
-  font-family: 'Lora';
-  font-style: normal;
-  font-weight: 400;
-  font-display: swap;
-  src: local('Lora Regular'), local('Lora-Regular'), url('https://martinthomson.github.io/rfc-css/fonts/lora-regular-vietnamese.woff2') format('woff2');
-  unicode-range: U+0102-0103, U+0110-0111, U+1EA0-1EF9, U+20AB;
-}
-@font-face {
-  font-family: 'Lora';
-  font-style: normal;
-  font-weight: 400;
-  font-display: swap;
-  src: local('Lora Regular'), local('Lora-Regular'), url('https://martinthomson.github.io/rfc-css/fonts/lora-regular-latin-ext.woff2') format('woff2');
-  unicode-range: U+0100-024F, U+0259, U+1E00-1EFF, U+2020, U+20A0-20AB, U+20AD-20CF, U+2113, U+2C60-2C7F, U+A720-A7FF;
-}
-@font-face {
-  font-family: 'Lora';
-  font-style: normal;
-  font-weight: 400;
-  font-display: swap;
-  src: local('Lora Regular'), local('Lora-Regular'), url('https://martinthomson.github.io/rfc-css/fonts/lora-regular-latin.woff2') format('woff2');
-  unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;
-}
-
-@font-face {
-  font-family: 'Lora';
-  font-style: normal;
-  font-weight: 700;
-  font-display: swap;
-  src: local('Lora Bold'), local('Lora-Bold'), url('https://martinthomson.github.io/rfc-css/fonts/lora-bold-cyrillic-ext.woff2') format('woff2');
-  unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;
-}
-@font-face {
-  font-family: 'Lora';
-  font-style: normal;
-  font-weight: 700;
-  font-display: swap;
-  src: local('Lora Bold'), local('Lora-Bold'), url('https://martinthomson.github.io/rfc-css/fonts/lora-bold-cyrillic.woff2') format('woff2');
-  unicode-range: U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;
-}
-@font-face {
-  font-family: 'Lora';
-  font-style: normal;
-  font-weight: 700;
-  font-display: swap;
-  src: local('Lora Bold'), local('Lora-Bold'), url('https://martinthomson.github.io/rfc-css/fonts/lora-bold-vietnamese.woff2') format('woff2');
-  unicode-range: U+0102-0103, U+0110-0111, U+1EA0-1EF9, U+20AB;
-}
-@font-face {
-  font-family: 'Lora';
-  font-style: normal;
-  font-weight: 700;
-  font-display: swap;
-  src: local('Lora Bold'), local('Lora-Bold'), url('https://martinthomson.github.io/rfc-css/fonts/lora-bold-latin-ext.woff2') format('woff2');
-  unicode-range: U+0100-024F, U+0259, U+1E00-1EFF, U+2020, U+20A0-20AB, U+20AD-20CF, U+2113, U+2C60-2C7F, U+A720-A7FF;
-}
-@font-face {
-  font-family: 'Lora';
-  font-style: normal;
-  font-weight: 700;
-  font-display: swap;
-  src: local('Lora Bold'), local('Lora-Bold'), url('https://martinthomson.github.io/rfc-css/fonts/lora-bold-latin.woff2') format('woff2');
-  unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;
-}
-@font-face {
-  font-family: 'Lora';
-  font-style: normal;
-  font-weight: 600;
-  font-display: swap;
-  src: local('Lora SemiBold'), local('Lora-SemiBold'), url('https://martinthomson.github.io/rfc-css/fonts/lora-semibold-latin.woff2') format('woff2');
-  unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;
-}
-
-@font-face {
-  font-family: 'Cabin Condensed';
-  font-style: normal;
-  font-weight: 600;
-  font-display: swap;
-  src: local('Cabin Condensed SemiBold'), local('CabinCondensed-SemiBold'), url('https://martinthomson.github.io/rfc-css/fonts/cabincondensed-semibold-vietnamese.woff2') format('woff2');
-  unicode-range: U+0102-0103, U+0110-0111, U+1EA0-1EF9, U+20AB;
-}
-@font-face {
-  font-family: 'Cabin Condensed';
-  font-style: normal;
-  font-weight: 600;
-  font-display: swap;
-  src: local('Cabin Condensed SemiBold'), local('CabinCondensed-SemiBold'), url('https://martinthomson.github.io/rfc-css/fonts/cabincondensed-semibold-latin-ext.woff2') format('woff2');
-  unicode-range: U+0100-024F, U+0259, U+1E00-1EFF, U+2020, U+20A0-20AB, U+20AD-20CF, U+2113, U+2C60-2C7F, U+A720-A7FF;
-}
-@font-face {
-  font-family: 'Cabin Condensed';
-  font-style: normal;
-  font-weight: 600;
-  font-display: swap;
-  src: local('Cabin Condensed SemiBold'), local('CabinCondensed-SemiBold'), url('https://martinthomson.github.io/rfc-css/fonts/cabincondensed-semibold-latin.woff2') format('woff2');
-  unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;
-}
-
-@font-face {
-  font-family: 'Oxygen Mono';
-  font-style: normal;
-  font-weight: 400;
-  font-display: swap;
-  src: local('Oxygen Mono'), local('OxygenMono-Regular'), url('https://martinthomson.github.io/rfc-css/fonts/oxygenmono-regular-latin-ext.woff2') format('woff2');
-  unicode-range: U+0100-024F, U+0259, U+1E00-1EFF, U+2020, U+20A0-20AB, U+20AD-20CF, U+2113, U+2C60-2C7F, U+A720-A7FF;
-}
-@font-face {
-  font-family: 'Oxygen Mono';
-  font-style: normal;
-  font-weight: 400;
-  font-display: swap;
-  src: local('Oxygen Mono'), local('OxygenMono-Regular'), url('https://martinthomson.github.io/rfc-css/fonts/oxygenmono-regular-latin.woff2') format('woff2');
-  unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;
-}
-
-:root {
-  color-scheme: light dark;
-  --background-color: #fff;
-  --text-color: #222;
-  --title-color: #191919;
-  --link-color: #2a6496;
-  --highlight-color: #f9f9f9;
-  --line-color: #eee;
-  --pilcrow-weak: #ddd;
-  --pilcrow-strong: #bbb;
-  --small-font-size: 14.5px;
-  --font-mono: 'Oxygen Mono', monospace;
-  scrollbar-color: #bbb #eee;
-}
-body {
-  max-width: 600px;
-  margin: 75px auto;
-  padding: 0 5px;
-  color: var(--text-color);
-  background-color: var(--background-color);
-  font: 16px/22px "Lora", serif;
-  scroll-behavior: smooth;
-}
-
-.ears {
-  display: none;
-}
-
-/* headings */
-h1, h2, h3, h4, h5, h6 {
-  font-family: "Cabin Condensed", sans-serif;
-  font-weight: 600;
-  margin: 0.8em 0 0.3em;
-  font-size-adjust: 0.5;
-  color: var(--title-color);
-}
-h1#title {
-  font-size: 32px;
-  line-height: 40px;
-  clear: both;
-}
-h1#title, h1#rfcnum {
-  margin: 1.5em 0 0.2em;
-}
-h1#rfcnum + h1#title {
-  margin: 0.2em 0;
-}
-
-h1, h2, h3 {
-  font-size: 22px;
-  line-height: 27px;
-}
-h4, h5, h6 {
-  font-size: 20px;
-  line-height: 24px;
-}
-
-/* general structure */
-.author {
-  padding-bottom: 0.3em;
-}
-#abstract+p {
-  font-size: 18px;
-  line-height: 24px;
-}
-#abstract+p code, #abstract+p samp, #abstract+p tt {
-  font-size: 16px;
-  line-height: 0;
-}
-
-p {
-  padding: 0;
-  margin: 0.5em 0;
-  text-align: left;
-}
-div {
-  margin: 0;
-}
-.alignRight.art-text {
-  background-color: var(--highlight-color);
-  border: 1px solid var(--line-color);
-  border-radius: 3px;
-  padding: 0.5em 1em 0;
-  margin-bottom: 0.5em;
-}
-.alignRight.art-text pre {
-  padding: 0;
-  width: auto;
-}
-.alignRight {
-  margin: 1em 0;
-}
-.alignRight > *:first-child {
-  border: none;
-  margin: 0;
-  float: right;
-  clear: both;
-}
-.alignRight > *:nth-child(2) {
-  clear: both;
-  display: block;
-  border: none;
-}
-svg {
-  display: block;
-}
-/* font-family isn't space-separated, but =~ will have to do */
-svg[font-family~="monospace" i], svg [font-family~="monospace" i] {
-  font-family: var(--font-mono);
-}
-.alignCenter.art-text {
-  background-color: var(--highlight-color);
-  border: 1px solid var(--line-color);
-  border-radius: 3px;
-  padding: 0.5em 1em 0;
-  margin-bottom: 0.5em;
-}
-.alignCenter.art-text pre {
-  padding: 0;
-  width: auto;
-}
-.alignCenter {
-  margin: 1em 0;
-}
-.alignCenter > *:first-child {
-  border: none;
-  /* this isn't optimal, but it's an existence proof.  PrinceXML doesn't
-     support flexbox yet.
-  */
-  display: table;
-  margin: 0 auto;
-}
-
-/* lists */
-ol, ul {
-  padding: 0;
-  margin: 0 0 0.5em 2em;
-}
-:is(ol, ul) :is(ol, ul) {
-  margin-left: 1em;
-}
-li {
-  margin: 0 0 0.25em 0;
-}
-.ulCompact li {
-  margin: 0;
-}
-ul.empty, .ulEmpty {
-  list-style-type: none;
-}
-ul.empty li, .ulEmpty li {
-  margin-top: 0.5em;
-}
-:is(ul, ol).compact, .ulCompact, .olCompact {
-  line-height: 1;
-  margin: 0 0 0 2em;
-}
-
-/* definition lists */
-dl {
-  clear: left;
-  --indent: 3ch;
-  /* --indent: attr(indent ch); not supported in any browser, but we can dream */
-}
-dl.olPercent {
-  --indent: 5ch;
-}
-dl > dt {
-  float: left;
-  margin-right: 2ch;
-  min-width: 8ch;
-}
-dl.dlNewline > dt {
-  float: none;
-}
-dl > dd {
-  margin-bottom: .8em;
-  margin-left: var(--indent) !important; /* stupid element overrides */
-  min-height: 2ex;
-}
-dl.olPercent > dt {
-  min-width: calc(var(--indent) - 2ch);
-}
-:is(dl.compact, .dlCompact) > dd {
-  margin-bottom: 0;
-}
-:is(dl.compact, .dlCompact) > dd > :is(:first-child, .break:first-child + *) {
-  margin-top: 0;
-}
-:is(dl.compact, .dlCompact) > dd > :is(:last-child) {
-  margin-bottom: 0;
-}
-dl > dd > dl {
-  margin-top: 0.5em;
-  margin-bottom: 0;
-}
-:is(dd, span).break {
-  display: none;
-}
-
-/* links */
-a, a[href].selfRef:hover {
-  text-decoration: none;
-}
-a[href] {
-  color: var(--link-color);
-}
-a[href].selfRef, .iref + a[href].internal {
-  color: var(--text-color);
-}
-a[href]:hover {
-  text-decoration: underline;
-}
-a[href].selfRef:hover {
-  background-color: var(--highlight-color);
-}
-a.xref:is(.cite, .auto), :is(#status-of-memo, #copyright) a {
-  white-space: nowrap;
-}
-
-/* Figures */
-tt, code, pre {
-  background-color: var(--highlight-color);
-  font: 14px/22px var(--font-mono);
-}
-tt, code {
-  /* changing the font for inline elements leads to different ascender
-     and descender heights; as we want to retain baseline alignment,
-     remove leading to avoid altering the final height of lines
-     note: this fails if these blocks take an entire line,
-     a different solution would be great */
-  line-height: 0;
-}
-:is(h1, h2, h3, h4, h5, h6) :is(tt, code) {
-  font-size: 84%;
-}
-pre {
-  border: 1px solid var(--line-color);
-  font-size: 13.5px;
-  line-height: 16px;
-  letter-spacing: -0.2px;
-  margin: 5px;
-  padding: 5px;
-}
-img {
-  max-width: 100%;
-}
-figure {
-  margin: 0.5em 0;
-  padding: 0;
-}
-figure blockquote {
-  margin: 0.8em 0.4em 0.4em;
-}
-figcaption, caption {
-  font-style: italic;
-  margin: 0.5em 1.5em;
-  text-align: left;
-}
-@media screen {
-  /* Auto-collapse boilerplate. */
-  :is(#status-of-memo, #copyright) p {
-    margin: -2px 0;
-    max-height: 0;
-    transition: max-height 2s ease, margin 0.5s ease 0.5s;
-    overflow: hidden;
-  }
-  :is(#status-of-memo, #copyright):hover p,
-  :is(#status-of-memo, #copyright) h2:target ~ p {
-    margin: 0.5em 0;
-    max-height: 500px;
-    overflow: auto;
-  }
-  pre, svg {
-    display: inline-block;
-    overflow-x: auto;
-  }
-  pre {
-    max-width: 100%;
-    width: calc(100% - 22px - 1em);
-  }
-  svg {
-    max-width: calc(100% - 22px - 1em);
-  }
-  figure pre {
-    display: block;
-    width: calc(100% - 25px);
-  }
-  :is(pre, svg) + .pilcrow {
-    display: inline-block;
-    vertical-align: text-bottom;
-    padding-bottom: 8px;
-  }
-}
-
-/* aside, blockquote */
-aside, blockquote {
-  margin-left: 0;
-  padding: 0 2em;
-  font-style: italic;
-}
-blockquote {
-  margin: 1em 0;
-}
-cite {
-  display: block;
-  text-align: right;
-  font-style: italic;
-}
-
-/* tables */
-table {
-  max-width: 100%;
-  margin: 0 0 1em;
-  border-collapse: collapse;
-}
-table.right {
-  margin-left: auto;
-}
-table.center {
-  margin-left: auto;
-  margin-right: auto;
-}
-table.left {
-  margin-right: auto;
-}
-thead, tbody {
-  border: 1px solid var(--line-color);
-}
-th, td {
-  text-align: left;
-  vertical-align: top;
-  padding: 5px 10px;
-}
-th {
-  background-color: var(--line-color);
-}
-:is(tr:nth-child(2n), thead+tbody > tr:nth-child(2n+1)) > td {
-  background-color: var(--background-color);
-}
-:is(tr:nth-child(2n+1), thead+tbody > tr:nth-child(2n)) > td {
-  background-color: var(--highlight-color);
-}
-table caption {
-  margin: 0;
-  padding: 3px 0 3px 1em;
-}
-table p {
-  margin: 0;
-}
-
-/* pilcrow */
-a.pilcrow {
-  margin-left: 3px;
-  opacity: 0.2;
-  user-select: none;
-}
-a.pilcrow[href] { color: var(--pilcrow-weak); }
-a.pilcrow[href]:hover { text-decoration: none; }
-@media not print {
-  :hover > a.pilcrow {
-    opacity: 1;
-  }
-  a.pilcrow[href]:hover {
-    color: var(--pilcrow-strong);
-    background-color: transparent;
-  }
-}
-@media print {
-  a.pilcrow {
-    display: none;
-  }
-}
-
-/* misc */
-hr {
-  border: 0;
-  border-top: 1px solid var(--line-color);
-}
-.bcp14 {
-  font-variant: small-caps;
-  font-weight: 600;
-  font-size: var(--small-font-size);
-}
-.role {
-  font-variant: all-small-caps;
-}
-sub, sup {
-  line-height: 1;
-  font-size: 80%;
-}
-
-/* info block */
-#identifiers {
-  margin: 0;
-  font-size: var(--small-font-size);
-  line-height: 18px;
-  --identifier-width: 15ch;
-}
-#identifiers dt {
-  width: var(--identifier-width);
-  min-width: var(--identifier-width);
-  clear: left;
-  float: left;
-  text-align: right;
-  margin-right: 1ch;
-}
-#identifiers dd {
-  margin: 0;
-  margin-left: calc(1em + var(--identifier-width)) !important;
-  min-width: 5em;
-}
-#identifiers .authors .author {
-  display: inline-block;
-  margin-right: 1.5em;
-}
-#identifiers .authors .org {
-  font-style: italic;
-}
-
-/* The prepared/rendered info at the very bottom of the page */
-.docInfo {
-  color: #999;
-  font-size: 0.9em;
-  font-style: italic;
-  margin-top: 2em;
-}
-.docInfo .prepared {
-  float: left;
-}
-.docInfo .prepared {
-  float: right;
-}
-
-/* table of contents */
-#toc {
-  padding: 0.75em 0 2em 0;
-  margin-bottom: 1em;
-}
-#toc nav ul {
-  margin: 0 0.5em 0 0;
-  padding: 0;
-  list-style: none;
-}
-#toc nav li {
-  line-height: 1.3em;
-  margin: 2px 0;
-  padding-left: 1.2em;
-  text-indent: -1.2em;
-}
-#toc a.xref {
-  white-space: normal;
-}
-/* references */
-.references dt {
-  text-align: right;
-  font-weight: bold;
-  min-width: 10ch;
-  margin-right: 1.5ch;
-}
-.references dt:target::before {
-  content: "⇒";
-  width: 15px;
-  margin: 0 10px 0 -25px;
-}
-.references dd {
-  margin-left: 12ch !important;
-  overflow: auto;
-}
-
-.refInstance {
-  margin-bottom: 1.25em;
-}
-
-.references .ascii {
-  margin-bottom: 0.25em;
-}
-
-/* index */
-#rfc\.index\.index + ul {
-  margin-left: 0;
-}
-
-/* authors */
-address.vcard {
-  font-style: normal;
-  margin: 1em 0;
-}
-address.vcard .nameRole {
-  font-weight: 700;
-  margin-left: 0;
-}
-address.vcard .label {
-  margin: 0.5em 0;
-}
-address.vcard .type {
-  display: none;
-}
-.alternative-contact {
-  margin: 1.5em 0 1em;
-}
-hr.addr {
-  border-top: 1px dashed;
-  margin: 0;
-  color: #ddd;
-  max-width: calc(100% - 16px);
-}
-@media (min-width: 500px) {
-  #authors-addresses > section {
-    column-count: 2;
-    column-gap: 20px;
-  }
-  #authors-addresses > section > h2 {
-    column-span: all;
-  }
-  /* hack for break-inside: avoid-column */
-  #authors-addresses address {
-    display: inline-block;
-    break-inside: avoid-column;
-  }
-}
-
-.rfcEditorRemove p:first-of-type {
-  font-style: italic;
-}
-.cref {
-  background-color: rgba(249, 232, 105, 0.3);
-  padding: 2px 4px;
-}
-.crefSource {
-  font-style: italic;
-}
-/* alternative layout for smaller screens */
-@media screen and (max-width: 929px) {
-  #toc {
-    position: fixed;
-    z-index: 2;
-    top: 0;
-    right: 0;
-    padding: 1px 0 0 0;
-    margin: 0;
-    border-bottom: 1px solid #ccc;
-    opacity: 0.6;
-  }
-  #toc.active {
-      opacity: 1;
-  }
-  #toc h2 {
-    margin: 0;
-    padding: 2px 0 2px 6px;
-    padding-right: 1em;
-    font-size: 18px;
-    line-height: 24px;
-    min-width: 190px;
-    text-align: right;
-    background-color: #444;
-    color: white;
-    cursor: pointer;
-  }
-  #toc h2::before { /* css hamburger */
-    float: right;
-    position: relative;
-    width: 1em;
-    height: 1px;
-    left: -164px;
-    margin: 8px 0 0 0;
-    background: white none repeat scroll 0 0;
-    box-shadow: 0 4px 0 0 white, 0 8px 0 0 white;
-    content: "";
-  }
-  #toc nav {
-    display: none;
-    background-color: var(--background-color);
-    padding: 0.5em 1em 1em;
-    overflow: auto;
-    overscroll-behavior: contain;
-    height: calc(100vh - 48px);
-    border-left: 1px solid #ddd;
-  }
-  #toc.active nav {
-    display: block;
-  }
-  /* Make the collapsed ToC header render white on gray also when it's a link */
-  #toc h2 a,
-  #toc h2 a:link,
-  #toc h2 a:focus,
-  #toc h2 a:hover,
-  #toc a.toplink,
-  #toc a.toplink:hover {
-    color: white;
-    background-color: #444;
-    text-decoration: none;
-  }
-  #toc a.toplink {
-    margin-top: 2px;
-  }
-}
-
-/* alternative layout for wide screens */
-@media screen and (min-width: 930px) {
-  body {
-    padding-right: 360px;
-    padding-right: calc(min(180px + 20%, 500px));
-  }
-  #toc {
-    position: fixed;
-    bottom: 0;
-    right: 0;
-    right: calc(50vw - 480px);
-    width: 312px;
-    margin: 0;
-    padding: 0;
-    z-index: 1;
-  }
-  #toc h2 {
-    margin: 0;
-    padding: 0.25em 1em 1em 0;
-  }
-  #toc nav {
-    display: block;
-    height: calc(90vh - 84px);
-    bottom: 0;
-    padding: 0.5em 0 2em;
-    overflow: auto;
-    overscroll-behavior: contain;
-    scrollbar-width: thin;
-  }
-  #toc nav > ul  {
-    margin-bottom: 2em;
-  }
-  #toc ul {
-    margin: 0 0 0 4px;
-    font-size: var(--small-font-size);
-  }
-  #toc ul :is(p, li) {
-    margin: 2px 0;
-    line-height: 22px;
-  }
-  img { /* future proofing */
-    max-width: 100%;
-    height: auto;
-  }
-}
-
-/* pagination */
-@media print {
-  body {
-    width: 100%;
-  }
-  p {
-    orphans: 3;
-    widows: 3;
-  }
-  #n-copyright-notice {
-    border-bottom: none;
-  }
-  #toc, #n-introduction {
-    page-break-before: always;
-  }
-  #toc {
-    border-top: none;
-    padding-top: 0;
-  }
-  figure, pre, .vcard {
-    page-break-inside: avoid;
-  }
-  h1, h2, h3, h4, h5, h6 {
-    page-break-after: avoid;
-  }
-  :is(h2, h3, h4, h5, h6)+*, dd {
-    page-break-before: avoid;
-  }
-  pre {
-    white-space: pre-wrap;
-    word-wrap: break-word;
-    font-size: 10pt;
-  }
-  table {
-    border: 1px solid #ddd;
-  }
-  td {
-    border-top: 1px solid #ddd;
-  }
-  .toplink {
-    display: none;
-  }
-}
-
-@page :first {
-  padding-top: 0;
-  @top-left {
-    content: normal;
-    border: none;
-  }
-  @top-center {
-    content: normal;
-    border: none;
-  }
-  @top-right {
-    content: normal;
-    border: none;
-  }
-}
-
-@page {
-  size: A4;
-  margin-bottom: 45mm;
-  padding-top: 20px;
-}
-
-/* Changes introduced to fix issues found during implementation */
-
-/* Separate body from document info even without intervening H1 */
-section {
-  clear: both;
-}
-
-/* Top align author divs, to avoid names without organization dropping level with org names */
-.author {
-  vertical-align: top;
-}
-
-/* Style section numbers with more space between number and title */
-.section-number {
-  padding-right: 0.5em;
-}
-
-/* Add styling for a link in the ToC that points to the top of the document */
-a.toplink {
-  float: right;
-  margin: 8px 0.5em 0;
-}
-
-/* Provide styling for table cell text alignment */
-table .text-left {
-  text-align: left;
-}
-table .text-center {
-  text-align: center;
-}
-table .text-right {
-  text-align: right;
-}
-
-/* Make the alternative author contact information look less like just another
-   author, and group it closer with the primary author contact information */
-.alternative-contact {
-  margin: 0.5em 0 0.25em 0;
-}
-address .non-ascii {
-  margin: 0 0 0 2em;
-}
-
-/* With it being possible to set tables with alignment
-  left, center, and right, { width: 100%; } does not make sense */
-table {
-  width: auto;
-}
-
-/* Avoid reference text that sits in a block with very wide left margin,
-   because of a long floating dt label.*/
-.references dd {
-  overflow: visible;
-}
-
-/* Control caption placement */
-caption {
-  caption-side: bottom;
-}
-
-/* Limit the width of the author address vcard, so names in right-to-left
-   script don't end up on the other side of the page. */
-
-address.vcard {
-  max-width: 20em;
-  margin-right: auto;
-}
-
-/* For address alignment dependent on LTR or RTL scripts */
-address div.left {
-  text-align: left;
-}
-address div.right {
-  text-align: right;
-}
-
-/* Dark mode. */
-@media (prefers-color-scheme: dark) {
-:root {
-  --background-color: #121212;
-  --text-color: #f0f0f0;
-  --title-color: #fff;
-  --link-color: #4da4f0;
-  --highlight-color: #282828;
-  --line-color: #444;
-  --pilcrow-weak: #444;
-  --pilcrow-strong: #666;
-  scrollbar-color: #777 #333;
-}
-}
-
-/* SVG Trick: a prefix match works because only black and white are allowed */
-svg :is([stroke="black"], [stroke^="#000"]) {
-  stroke: var(--text-color);
-}
-svg :is([stroke="white"], [stroke^="#fff"]) {
-  stroke: var(--background-color);
-}
-svg :is([fill="black"], [fill^="#000"], :not([fill])) {
-  fill: var(--text-color);
-}
-svg :is([fill="white"], [fill^="#fff"]) {
-  fill: var(--background-color);
-}
-</style>
-
-</head>
-<body class="xml2rfc">
-<table class="ears">
-<thead><tr>
-<td class="left">Internet-Draft</td>
-<td class="center">PQC Kyber in Certificates</td>
-<td class="right">November 2023</td>
-</tr></thead>
-<tfoot><tr>
-<td class="left">Turner, et al.</td>
-<td class="center">Expires 8 May 2024</td>
-<td class="right">[Page]</td>
-</tr></tfoot>
-</table>
-<div id="external-metadata" class="document-information"></div>
-<div id="internal-metadata" class="document-information">
-<dl id="identifiers">
-<dt class="label-workgroup">Workgroup:</dt>
-<dd class="workgroup">LAMPS</dd>
-<dt class="label-internet-draft">Internet-Draft:</dt>
-<dd class="internet-draft">draft-ietf-lamps-kyber-certificates-latest</dd>
-<dt class="label-published">Published:</dt>
-<dd class="published">
-<time datetime="2023-11-05" class="published">5 November 2023</time>
-    </dd>
-<dt class="label-intended-status">Intended Status:</dt>
-<dd class="intended-status">Standards Track</dd>
-<dt class="label-expires">Expires:</dt>
-<dd class="expires"><time datetime="2024-05-08">8 May 2024</time></dd>
-<dt class="label-authors">Authors:</dt>
-<dd class="authors">
-<div class="author">
-      <div class="author-name">S. Turner</div>
-<div class="org">sn3rd</div>
-</div>
-<div class="author">
-      <div class="author-name">P. Kampanakis</div>
-<div class="org">AWS</div>
-</div>
-<div class="author">
-      <div class="author-name">J. Massimo</div>
-<div class="org">AWS</div>
-</div>
-<div class="author">
-      <div class="author-name">B. Westerbaan</div>
-<div class="org">Cloudflare</div>
-</div>
-</dd>
-</dl>
-</div>
-<h1 id="title">Internet X.509 Public Key Infrastructure - Algorithm Identifiers for Kyber</h1>
-<section id="section-abstract">
-      <h2 id="abstract"><a href="#abstract" class="selfRef">Abstract</a></h2>
-<p id="section-abstract-1">Kyber is a key-encapsulation mechanism (KEM). This document specifies
-algorithm identifiers and ASN.1 encoding format for Kyber in public
-key certificates. The encoding for public and private keys are also
-provided.<a href="#section-abstract-1" class="pilcrow">¶</a></p>
-<p id="section-abstract-2">[EDNOTE:
-This document is not expected to be finalized before the NIST PQC
-Project has standardized PQ algorithms. This specification will use
-object identifiers for the new algorithms that are assigned by NIST,
-and will use placeholders until these are released.]<a href="#section-abstract-2" class="pilcrow">¶</a></p>
-</section>
-<section class="note rfcEditorRemove" id="section-note.1">
-      <h2 id="name-about-this-document">
-<a href="#name-about-this-document" class="section-name selfRef">About This Document</a>
-      </h2>
-<p id="section-note.1-1">This note is to be removed before publishing as an RFC.<a href="#section-note.1-1" class="pilcrow">¶</a></p>
-<p id="section-note.1-2">
-        The latest revision of this draft can be found at <span><a href="https://lamps-wg.github.io/kyber-certificates/#go.draft-ietf-lamps-kyber-certificates.html">https://lamps-wg.github.io/kyber-certificates/#go.draft-ietf-lamps-kyber-certificates.html</a></span>.
-        Status information for this document may be found at <span><a href="https://datatracker.ietf.org/doc/draft-ietf-lamps-kyber-certificates/">https://datatracker.ietf.org/doc/draft-ietf-lamps-kyber-certificates/</a></span>.<a href="#section-note.1-2" class="pilcrow">¶</a></p>
-<p id="section-note.1-3">
-        Discussion of this document takes place on the
-        Limited Additional Mechanisms for PKIX and SMIME (lamps) Working Group mailing list (<span><a href="mailto:spasm@ietf.org">mailto:spasm@ietf.org</a></span>),
-        which is archived at <span><a href="https://mailarchive.ietf.org/arch/browse/spasm/">https://mailarchive.ietf.org/arch/browse/spasm/</a></span>.
-        Subscribe at <span><a href="https://www.ietf.org/mailman/listinfo/spasm/">https://www.ietf.org/mailman/listinfo/spasm/</a></span>.<a href="#section-note.1-3" class="pilcrow">¶</a></p>
-<p id="section-note.1-4">Source for this draft and an issue tracker can be found at
-        <span><a href="https://github.com/lamps-wg/kyber-certificates">https://github.com/lamps-wg/kyber-certificates</a></span>.<a href="#section-note.1-4" class="pilcrow">¶</a></p>
-</section>
-<div id="status-of-memo">
-<section id="section-boilerplate.1">
-        <h2 id="name-status-of-this-memo">
-<a href="#name-status-of-this-memo" class="section-name selfRef">Status of This Memo</a>
-        </h2>
-<p id="section-boilerplate.1-1">
-        This Internet-Draft is submitted in full conformance with the
-        provisions of BCP 78 and BCP 79.<a href="#section-boilerplate.1-1" class="pilcrow">¶</a></p>
-<p id="section-boilerplate.1-2">
-        Internet-Drafts are working documents of the Internet Engineering Task
-        Force (IETF). Note that other groups may also distribute working
-        documents as Internet-Drafts. The list of current Internet-Drafts is
-        at <span><a href="https://datatracker.ietf.org/drafts/current/">https://datatracker.ietf.org/drafts/current/</a></span>.<a href="#section-boilerplate.1-2" class="pilcrow">¶</a></p>
-<p id="section-boilerplate.1-3">
-        Internet-Drafts are draft documents valid for a maximum of six months
-        and may be updated, replaced, or obsoleted by other documents at any
-        time. It is inappropriate to use Internet-Drafts as reference
-        material or to cite them other than as "work in progress."<a href="#section-boilerplate.1-3" class="pilcrow">¶</a></p>
-<p id="section-boilerplate.1-4">
-        This Internet-Draft will expire on 8 May 2024.<a href="#section-boilerplate.1-4" class="pilcrow">¶</a></p>
-</section>
-</div>
-<div id="copyright">
-<section id="section-boilerplate.2">
-        <h2 id="name-copyright-notice">
-<a href="#name-copyright-notice" class="section-name selfRef">Copyright Notice</a>
-        </h2>
-<p id="section-boilerplate.2-1">
-            Copyright (c) 2023 IETF Trust and the persons identified as the
-            document authors. All rights reserved.<a href="#section-boilerplate.2-1" class="pilcrow">¶</a></p>
-<p id="section-boilerplate.2-2">
-            This document is subject to BCP 78 and the IETF Trust's Legal
-            Provisions Relating to IETF Documents
-            (<span><a href="https://trustee.ietf.org/license-info">https://trustee.ietf.org/license-info</a></span>) in effect on the date of
-            publication of this document. Please review these documents
-            carefully, as they describe your rights and restrictions with
-            respect to this document. Code Components extracted from this
-            document must include Revised BSD License text as described in
-            Section 4.e of the Trust Legal Provisions and are provided without
-            warranty as described in the Revised BSD License.<a href="#section-boilerplate.2-2" class="pilcrow">¶</a></p>
-</section>
-</div>
-<div id="toc">
-<section id="section-toc.1">
-        <a href="#" onclick="scroll(0,0)" class="toplink">▲</a><h2 id="name-table-of-contents">
-<a href="#name-table-of-contents" class="section-name selfRef">Table of Contents</a>
-        </h2>
-<nav class="toc"><ul class="compact toc ulBare ulEmpty">
-<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.1">
-            <p id="section-toc.1-1.1.1" class="keepWithNext"><a href="#section-1" class="auto internal xref">1</a>.  <a href="#name-introduction" class="internal xref">Introduction</a></p>
-<ul class="compact toc ulBare ulEmpty">
-<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.1.2.1">
-                <p id="section-toc.1-1.1.2.1.1" class="keepWithNext"><a href="#section-1.1" class="auto internal xref">1.1</a>.  <a href="#name-asn1-and-kyber-identifiers" class="internal xref">ASN.1 and Kyber Identifiers</a></p>
-</li>
-              <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.1.2.2">
-                <p id="section-toc.1-1.1.2.2.1" class="keepWithNext"><a href="#section-1.2" class="auto internal xref">1.2</a>.  <a href="#name-applicability-statement" class="internal xref">Applicability Statement</a></p>
-</li>
-            </ul>
-</li>
-          <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.2">
-            <p id="section-toc.1-1.2.1"><a href="#section-2" class="auto internal xref">2</a>.  <a href="#name-conventions-and-definitions" class="internal xref">Conventions and Definitions</a></p>
-</li>
-          <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.3">
-            <p id="section-toc.1-1.3.1"><a href="#section-3" class="auto internal xref">3</a>.  <a href="#name-algorithm-identifiers" class="internal xref">Algorithm Identifiers</a></p>
-</li>
-          <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.4">
-            <p id="section-toc.1-1.4.1"><a href="#section-4" class="auto internal xref">4</a>.  <a href="#name-kyber-public-key-identifier" class="internal xref">Kyber Public Key Identifiers</a></p>
-</li>
-          <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.5">
-            <p id="section-toc.1-1.5.1"><a href="#section-5" class="auto internal xref">5</a>.  <a href="#name-subject-public-key-fields" class="internal xref">Subject Public Key Fields</a></p>
-</li>
-          <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.6">
-            <p id="section-toc.1-1.6.1"><a href="#section-6" class="auto internal xref">6</a>.  <a href="#name-private-key-format" class="internal xref">Private Key Format</a></p>
-</li>
-          <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.7">
-            <p id="section-toc.1-1.7.1"><a href="#section-7" class="auto internal xref">7</a>.  <a href="#name-asn1-module" class="internal xref">ASN.1 Module</a></p>
-</li>
-          <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.8">
-            <p id="section-toc.1-1.8.1"><a href="#section-8" class="auto internal xref">8</a>.  <a href="#name-security-considerations" class="internal xref">Security Considerations</a></p>
-</li>
-          <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.9">
-            <p id="section-toc.1-1.9.1"><a href="#section-9" class="auto internal xref">9</a>.  <a href="#name-iana-considerations" class="internal xref">IANA Considerations</a></p>
-</li>
-          <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.10">
-            <p id="section-toc.1-1.10.1"><a href="#section-10" class="auto internal xref">10</a>. <a href="#name-references" class="internal xref">References</a></p>
-<ul class="compact toc ulBare ulEmpty">
-<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.10.2.1">
-                <p id="section-toc.1-1.10.2.1.1"><a href="#section-10.1" class="auto internal xref">10.1</a>.  <a href="#name-normative-references" class="internal xref">Normative References</a></p>
-</li>
-              <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.10.2.2">
-                <p id="section-toc.1-1.10.2.2.1"><a href="#section-10.2" class="auto internal xref">10.2</a>.  <a href="#name-informative-references" class="internal xref">Informative References</a></p>
-</li>
-            </ul>
-</li>
-          <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.11">
-            <p id="section-toc.1-1.11.1"><a href="#appendix-A" class="auto internal xref"></a><a href="#name-acknowledgments" class="internal xref">Acknowledgments</a></p>
-</li>
-          <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.12">
-            <p id="section-toc.1-1.12.1"><a href="#appendix-B" class="auto internal xref"></a><a href="#name-authors-addresses" class="internal xref">Authors' Addresses</a></p>
-</li>
-        </ul>
-</nav>
-</section>
-</div>
-<div id="introduction">
-<section id="section-1">
-      <h2 id="name-introduction">
-<a href="#section-1" class="section-number selfRef">1. </a><a href="#name-introduction" class="section-name selfRef">Introduction</a>
-      </h2>
-<p id="section-1-1">Kyber is a key-encapsulation mechanism (KEM) standardized by the US NIST
-PQC Project <span>[<a href="#PQCProj" class="cite xref">PQCProj</a>]</span>. This document specifies the use of the Kyber
-algorithm at three security levels: Kyber512, Kyber768, and Kyber1024,
-in X.509 public key certificates; see <span>[<a href="#RFC5280" class="cite xref">RFC5280</a>]</span>. Public and private
-key encodings are also specified.<a href="#section-1-1" class="pilcrow">¶</a></p>
-<div id="asn1-and-kyber-identifiers">
-<section id="section-1.1">
-        <h3 id="name-asn1-and-kyber-identifiers">
-<a href="#section-1.1" class="section-number selfRef">1.1. </a><a href="#name-asn1-and-kyber-identifiers" class="section-name selfRef">ASN.1 and Kyber Identifiers</a>
-        </h3>
-<p id="section-1.1-1">An ASN.1 module <span>[<a href="#X680" class="cite xref">X680</a>]</span> is included for reference purposes. Note that
-as per <span>[<a href="#RFC5280" class="cite xref">RFC5280</a>]</span>, certificates use the Distinguished Encoding Rules;
-see <span>[<a href="#X690" class="cite xref">X690</a>]</span>. Also note that NIST defined the object identifiers for
-the Kyber algorithms in an ASN.1 modulle; see (TODO insert reference).<a href="#section-1.1-1" class="pilcrow">¶</a></p>
-</section>
-</div>
-<div id="applicability-statement">
-<section id="section-1.2">
-        <h3 id="name-applicability-statement">
-<a href="#section-1.2" class="section-number selfRef">1.2. </a><a href="#name-applicability-statement" class="section-name selfRef">Applicability Statement</a>
-        </h3>
-<p id="section-1.2-1">Kyber certificates are used in protocols where the public key is used to
-generate and encapsulate a shared secret used to derive a symmetric key used to
-encrypt a payload; see <span>[<a href="#I-D.ietf-lamps-kyber" class="cite xref">I-D.ietf-lamps-kyber</a>]</span>. To be used in
-TLS, Kyber certificates could only be used as end-entity identity
-certificates and would require significant updates to the protocol; see
-<span>[<a href="#I-D.celi-wiggers-tls-authkem" class="cite xref">I-D.celi-wiggers-tls-authkem</a>]</span>.<a href="#section-1.2-1" class="pilcrow">¶</a></p>
-</section>
-</div>
-</section>
-</div>
-<div id="conventions-and-definitions">
-<section id="section-2">
-      <h2 id="name-conventions-and-definitions">
-<a href="#section-2" class="section-number selfRef">2. </a><a href="#name-conventions-and-definitions" class="section-name selfRef">Conventions and Definitions</a>
-      </h2>
-<p id="section-2-1">The key words "<span class="bcp14">MUST</span>", "<span class="bcp14">MUST NOT</span>", "<span class="bcp14">REQUIRED</span>", "<span class="bcp14">SHALL</span>", "<span class="bcp14">SHALL NOT</span>", "<span class="bcp14">SHOULD</span>", "<span class="bcp14">SHOULD NOT</span>", "<span class="bcp14">RECOMMENDED</span>", "<span class="bcp14">NOT RECOMMENDED</span>",
-"<span class="bcp14">MAY</span>", and "<span class="bcp14">OPTIONAL</span>" in this document are to be interpreted as
-described in BCP 14 <span>[<a href="#RFC2119" class="cite xref">RFC2119</a>]</span> <span>[<a href="#RFC8174" class="cite xref">RFC8174</a>]</span> when, and only when, they
-appear in all capitals, as shown here.<a href="#section-2-1" class="pilcrow">¶</a></p>
-</section>
-</div>
-<div id="algorithm-identifiers">
-<section id="section-3">
-      <h2 id="name-algorithm-identifiers">
-<a href="#section-3" class="section-number selfRef">3. </a><a href="#name-algorithm-identifiers" class="section-name selfRef">Algorithm Identifiers</a>
-      </h2>
-<p id="section-3-1">Certificates conforming to <span>[<a href="#RFC5280" class="cite xref">RFC5280</a>]</span> can convey a public key for any
-public key algorithm. The certificate indicates the algorithm through
-an algorithm identifier. An algorithm identifier consists of an object
-identifier and optional parameters.<a href="#section-3-1" class="pilcrow">¶</a></p>
-<p id="section-3-2">The AlgorithmIdentifier type, which is included herein for convenience,
-is defined as follows:<a href="#section-3-2" class="pilcrow">¶</a></p>
-<div class="alignLeft art-text artwork" id="section-3-3">
-<pre>
-  AlgorithmIdentifier{ALGORITHM-TYPE, ALGORITHM-TYPE:AlgorithmSet} ::=
-    SEQUENCE {
-      algorithm   ALGORITHM-TYPE.&amp;id({AlgorithmSet}),
-      parameters  ALGORITHM-TYPE.
-                    &amp;Params({AlgorithmSet}{@algorithm}) OPTIONAL
-    }
-</pre><a href="#section-3-3" class="pilcrow">¶</a>
-</div>
-<aside id="section-3-4">
-        <p id="section-3-4.1">NOTE: The above syntax is from <span>[<a href="#RFC5912" class="cite xref">RFC5912</a>]</span> and is compatible with the
-  2021 ASN.1 syntax <span>[<a href="#X680" class="cite xref">X680</a>]</span>.<a href="#section-3-4.1" class="pilcrow">¶</a></p>
-</aside>
-<p id="section-3-5">The fields in AlgorithmIdentifier have the following meanings:<a href="#section-3-5" class="pilcrow">¶</a></p>
-<ul class="normal">
-<li class="normal" id="section-3-6.1">
-          <p id="section-3-6.1.1">algorithm identifies the cryptographic algorithm with an object
-identifier.<a href="#section-3-6.1.1" class="pilcrow">¶</a></p>
-</li>
-        <li class="normal" id="section-3-6.2">
-          <p id="section-3-6.2.1">parameters, which are optional, are the associated parameters for
-the algorithm identifier in the algorithm field.<a href="#section-3-6.2.1" class="pilcrow">¶</a></p>
-</li>
-      </ul>
-<p id="section-3-7"><a href="#Kyber-TBD1" class="auto internal xref">Section 4</a> includes object identifiers for Kyber-512, Kyber-768, and
-Kyber-1024. For all of these OIDs, the parameters <span class="bcp14">MUST</span> be absent.<a href="#section-3-7" class="pilcrow">¶</a></p>
-<aside id="section-3-8">
-        <p id="section-3-8.1">NOTE: It is possible to find systems that require the parameters to be
-  present. This can be due to either a defect in the original 1997
-  syntax or a programming error where developers never got input where
-  this was not true. The optimal solution is to fix these systems;
-  where this is not possible, the problem needs to be restricted to
-  that subsystem and not propagated to the Internet.<a href="#section-3-8.1" class="pilcrow">¶</a></p>
-</aside>
-</section>
-</div>
-<div id="Kyber-TBD1">
-<section id="section-4">
-      <h2 id="name-kyber-public-key-identifier">
-<a href="#section-4" class="section-number selfRef">4. </a><a href="#name-kyber-public-key-identifier" class="section-name selfRef">Kyber Public Key Identifiers</a>
-      </h2>
-<p id="section-4-1">The AlgorithmIdentifier for a Kyber public key <span class="bcp14">MUST</span> use one of the
-id-alg-kyber object identifiers listed below, based on the security
-level. The parameters field of the AlgorithmIdentifier for the Kyber
-public key <span class="bcp14">MUST</span> be absent.<a href="#section-4-1" class="pilcrow">¶</a></p>
-<p id="section-4-2">When any of the Kyber AlgorithmIdentifier appears in the
-SubjectPublicKeyInfo field of an X.509 certificate, the key usage
-certificate extension <span class="bcp14">MUST</span> only contain keyEncipherment
-<span><a href="https://rfc-editor.org/rfc/rfc5280#section-4.2.1.3" class="relref">Section 4.2.1.3</a> of [<a href="#RFC5280" class="cite xref">RFC5280</a>]</span>.<a href="#section-4-2" class="pilcrow">¶</a></p>
-<div class="alignLeft art-text artwork" id="section-4-3">
-<pre>
-  pk-kyber-512 PUBLIC-KEY ::= {
-    IDENTIFIER id-alg-kyber-512
-    -- KEY no ASN.1 wrapping --
-    PARAMS ARE absent
-    CERT-KEY-USAGE
-      { keyEncipherment }
-    --- PRIVATE-KEY no ASN.1 wrapping --
-    }
-
-  pk-kyber-768 PUBLIC-KEY ::= {
-    IDENTIFIER id-alg-kyber-768
-    -- KEY no ASN.1 wrapping --
-    PARAMS ARE absent
-    CERT-KEY-USAGE
-      { keyEncipherment }
-    --- PRIVATE-KEY no ASN.1 wrapping --
-    }
-
-  pk-kyber-1024 PUBLIC-KEY ::= {
-    IDENTIFIER id-alg-kyber-1024
-    -- KEY no ASN.1 wrapping --
-    PARAMS ARE absent
-    CERT-KEY-USAGE
-      { keyEncipherment }
-    --- PRIVATE-KEY no ASN.1 wrapping --
-    }
-</pre><a href="#section-4-3" class="pilcrow">¶</a>
-</div>
-<aside id="section-4-4">
-        <p id="section-4-4.1">NOTE: As noted in Section 3, the values for these object identifers
-  will be assigned by NIST.  Once assigned, they will be added to a future
-  revision of this document.<a href="#section-4-4.1" class="pilcrow">¶</a></p>
-</aside>
-</section>
-</div>
-<div id="subject-public-key-fields">
-<section id="section-5">
-      <h2 id="name-subject-public-key-fields">
-<a href="#section-5" class="section-number selfRef">5. </a><a href="#name-subject-public-key-fields" class="section-name selfRef">Subject Public Key Fields</a>
-      </h2>
-<p id="section-5-1">In the X.509 certificate, the subjectPublicKeyInfo field has the
-SubjectPublicKeyInfo type, which has the following ASN.1 syntax:<a href="#section-5-1" class="pilcrow">¶</a></p>
-<div class="alignLeft art-text artwork" id="section-5-2">
-<pre>
-  SubjectPublicKeyInfo {PUBLIC-KEY: IOSet} ::= SEQUENCE {
-      algorithm        AlgorithmIdentifier {PUBLIC-KEY, {IOSet}},
-      subjectPublicKey BIT STRING
-  }
-</pre><a href="#section-5-2" class="pilcrow">¶</a>
-</div>
-<aside id="section-5-3">
-        <p id="section-5-3.1">NOTE: The above syntax is from <span>[<a href="#RFC5912" class="cite xref">RFC5912</a>]</span> and is compatible with the
-  2021 ASN.1 syntax <span>[<a href="#X680" class="cite xref">X680</a>]</span>.<a href="#section-5-3.1" class="pilcrow">¶</a></p>
-</aside>
-<p id="section-5-4">The fields in SubjectPublicKeyInfo have the following meaning:<a href="#section-5-4" class="pilcrow">¶</a></p>
-<ul class="normal">
-<li class="normal" id="section-5-5.1">
-          <p id="section-5-5.1.1">algorithm is the algorithm identifier and parameters for the
-public key (see above).<a href="#section-5-5.1.1" class="pilcrow">¶</a></p>
-</li>
-        <li class="normal" id="section-5-5.2">
-          <p id="section-5-5.2.1">subjectPublicKey contains the byte stream of the public key.  The
-algorithms defined in this document always encode the public key
-as TODO pick format e.g., exact multiple of 8 bits?.<a href="#section-5-5.2.1" class="pilcrow">¶</a></p>
-</li>
-      </ul>
-<p id="section-5-6">The following is an example of a Kyber-512 public key encoded using the
-textual encoding defined in <span>[<a href="#RFC7468" class="cite xref">RFC7468</a>]</span>:<a href="#section-5-6" class="pilcrow">¶</a></p>
-<div class="alignLeft art-text artwork" id="section-5-7">
-<pre>
-  -----BEGIN PUBLIC KEY-----
-  TODO insert example public key
-  -----END PUBLIC KEY-------
-</pre><a href="#section-5-7" class="pilcrow">¶</a>
-</div>
-</section>
-</div>
-<div id="private-key-format">
-<section id="section-6">
-      <h2 id="name-private-key-format">
-<a href="#section-6" class="section-number selfRef">6. </a><a href="#name-private-key-format" class="section-name selfRef">Private Key Format</a>
-      </h2>
-<p id="section-6-1">"Asymmetric Key Packages" <span>[<a href="#RFC5958" class="cite xref">RFC5958</a>]</span> describes how to encode a private
-key in a structure that both identifies what algorithm the private key
-is for and allows for the public key and additional attributes about the
-key to be included as well. For illustration, the ASN.1 structure
-OneAsymmetricKey is replicated below. The algorithm-specific details of
-how a private key is encoded are left for the document describing the
-algorithm itself.<a href="#section-6-1" class="pilcrow">¶</a></p>
-<div class="alignLeft art-text artwork" id="section-6-2">
-<pre>
-  OneAsymmetricKey ::= SEQUENCE {
-    version                  Version,
-    privateKeyAlgorithm      SEQUENCE {
-    algorithm                PUBLIC-KEY.&amp;id({PublicKeySet}),
-    parameters               PUBLIC-KEY.&amp;Params({PublicKeySet}
-                               {@privateKeyAlgorithm.algorithm})
-                                  OPTIONAL}
-    privateKey               OCTET STRING (CONTAINING
-                               PUBLIC-KEY.&amp;PrivateKey({PublicKeySet}
-                                 {@privateKeyAlgorithm.algorithm})),
-    attributes           [0] Attributes OPTIONAL,
-    ...,
-    [[2: publicKey       [1] BIT STRING (CONTAINING
-                               PUBLIC-KEY.&amp;Params({PublicKeySet}
-                                 {@privateKeyAlgorithm.algorithm})
-                                 OPTIONAL,
-    ...
-  }
-
-  PrivateKey ::= OCTET STRING
-
-  PublicKey ::= BIT STRING
-</pre><a href="#section-6-2" class="pilcrow">¶</a>
-</div>
-<aside id="section-6-3">
-        <p id="section-6-3.1">NOTE: The above syntax is from <span>[<a href="#RFC5958" class="cite xref">RFC5958</a>]</span> and is compatible with the
-  2021 ASN.1 syntax <span>[<a href="#X680" class="cite xref">X680</a>]</span>.<a href="#section-6-3.1" class="pilcrow">¶</a></p>
-</aside>
-<p id="section-6-4">For the keys defined in this document, the private key is always an
-opaque byte sequence. The ASN.1 type PqckemPrivateKey is defined in
-this document to hold the byte sequence. Thus, when encoding a
-OneAsymmetricKey object, the private key is wrapped in a
-PqckemPrivateKey object and wrapped by the OCTET STRING of the
-"privateKey" field.<a href="#section-6-4" class="pilcrow">¶</a></p>
-<div class="alignLeft art-text artwork" id="section-6-5">
-<pre>
-  PqckemPrivateKey ::= OCTET STRING
-</pre><a href="#section-6-5" class="pilcrow">¶</a>
-</div>
-<p id="section-6-6">The following is an example of a Kyber-512 private key encoded using the
-textual encoding defined in <span>[<a href="#RFC7468" class="cite xref">RFC7468</a>]</span>:<a href="#section-6-6" class="pilcrow">¶</a></p>
-<div class="alignLeft art-text artwork" id="section-6-7">
-<pre>
-  -----BEGIN PRIVATE KEY-----
-  TODO iser example private key
-  -----END PRIVATE KEY-------
-</pre><a href="#section-6-7" class="pilcrow">¶</a>
-</div>
-<p id="section-6-8">The following example, in addition to encoding the Kyber-512 private key,
-has an attribute included as well as the public key. As with the
-prior example, the textual encoding defined in <span>[<a href="#RFC7468" class="cite xref">RFC7468</a>]</span> is used:<a href="#section-6-8" class="pilcrow">¶</a></p>
-<div class="alignLeft art-text artwork" id="section-6-9">
-<pre>
-  -----BEGIN PRIVATE KEY-----
-  TODO insert example private key with attribute
-  -----END PRIVATE KEY-------
-</pre><a href="#section-6-9" class="pilcrow">¶</a>
-</div>
-<aside id="section-6-10">
-        <p id="section-6-10.1">NOTE: There exist some private key import functions that have not
-  implemented the new ASN.1 structure OneAsymmetricKey that is defined in
-  <span>[<a href="#RFC5958" class="cite xref">RFC5958</a>]</span>. This means that they will not accept a private key
-  structure that contains the public key field.  This means a balancing
-  act needs to be done between being able to do a consistency check on the
-  key pair and widest ability to import the key.<a href="#section-6-10.1" class="pilcrow">¶</a></p>
-</aside>
-</section>
-</div>
-<div id="asn1-module">
-<section id="section-7">
-      <h2 id="name-asn1-module">
-<a href="#section-7" class="section-number selfRef">7. </a><a href="#name-asn1-module" class="section-name selfRef">ASN.1 Module</a>
-      </h2>
-<p id="section-7-1">TODO ASN.1 Module<a href="#section-7-1" class="pilcrow">¶</a></p>
-</section>
-</div>
-<div id="security-considerations">
-<section id="section-8">
-      <h2 id="name-security-considerations">
-<a href="#section-8" class="section-number selfRef">8. </a><a href="#name-security-considerations" class="section-name selfRef">Security Considerations</a>
-      </h2>
-<p id="section-8-1">The Security Considerations section of <span>[<a href="#RFC5280" class="cite xref">RFC5280</a>]</span> applies to this specification as well.<a href="#section-8-1" class="pilcrow">¶</a></p>
-<aside id="section-8-2">
-        <p id="section-8-2.1">To Do: Discuss side-channels for Kyber TBD1.<a href="#section-8-2.1" class="pilcrow">¶</a></p>
-</aside>
-</section>
-</div>
-<div id="iana-considerations">
-<section id="section-9">
-      <h2 id="name-iana-considerations">
-<a href="#section-9" class="section-number selfRef">9. </a><a href="#name-iana-considerations" class="section-name selfRef">IANA Considerations</a>
-      </h2>
-<p id="section-9-1">This document will have some IANA actions.<a href="#section-9-1" class="pilcrow">¶</a></p>
-</section>
-</div>
-<section id="section-10">
-      <h2 id="name-references">
-<a href="#section-10" class="section-number selfRef">10. </a><a href="#name-references" class="section-name selfRef">References</a>
-      </h2>
-<div id="sec-normative-references">
-<section id="section-10.1">
-        <h3 id="name-normative-references">
-<a href="#section-10.1" class="section-number selfRef">10.1. </a><a href="#name-normative-references" class="section-name selfRef">Normative References</a>
-        </h3>
-<dl class="references">
-<dt id="RFC2119">[RFC2119]</dt>
-        <dd>
-<span class="refAuthor">Bradner, S.</span>, <span class="refTitle">"Key words for use in RFCs to Indicate Requirement Levels"</span>, <span class="seriesInfo">BCP 14</span>, <span class="seriesInfo">RFC 2119</span>, <span class="seriesInfo">DOI 10.17487/RFC2119</span>, <time datetime="1997-03" class="refDate">March 1997</time>, <span>&lt;<a href="https://www.rfc-editor.org/rfc/rfc2119">https://www.rfc-editor.org/rfc/rfc2119</a>&gt;</span>. </dd>
-<dd class="break"></dd>
-<dt id="RFC5280">[RFC5280]</dt>
-        <dd>
-<span class="refAuthor">Cooper, D.</span>, <span class="refAuthor">Santesson, S.</span>, <span class="refAuthor">Farrell, S.</span>, <span class="refAuthor">Boeyen, S.</span>, <span class="refAuthor">Housley, R.</span>, and <span class="refAuthor">W. Polk</span>, <span class="refTitle">"Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile"</span>, <span class="seriesInfo">RFC 5280</span>, <span class="seriesInfo">DOI 10.17487/RFC5280</span>, <time datetime="2008-05" class="refDate">May 2008</time>, <span>&lt;<a href="https://www.rfc-editor.org/rfc/rfc5280">https://www.rfc-editor.org/rfc/rfc5280</a>&gt;</span>. </dd>
-<dd class="break"></dd>
-<dt id="RFC5912">[RFC5912]</dt>
-        <dd>
-<span class="refAuthor">Hoffman, P.</span> and <span class="refAuthor">J. Schaad</span>, <span class="refTitle">"New ASN.1 Modules for the Public Key Infrastructure Using X.509 (PKIX)"</span>, <span class="seriesInfo">RFC 5912</span>, <span class="seriesInfo">DOI 10.17487/RFC5912</span>, <time datetime="2010-06" class="refDate">June 2010</time>, <span>&lt;<a href="https://www.rfc-editor.org/rfc/rfc5912">https://www.rfc-editor.org/rfc/rfc5912</a>&gt;</span>. </dd>
-<dd class="break"></dd>
-<dt id="RFC5958">[RFC5958]</dt>
-        <dd>
-<span class="refAuthor">Turner, S.</span>, <span class="refTitle">"Asymmetric Key Packages"</span>, <span class="seriesInfo">RFC 5958</span>, <span class="seriesInfo">DOI 10.17487/RFC5958</span>, <time datetime="2010-08" class="refDate">August 2010</time>, <span>&lt;<a href="https://www.rfc-editor.org/rfc/rfc5958">https://www.rfc-editor.org/rfc/rfc5958</a>&gt;</span>. </dd>
-<dd class="break"></dd>
-<dt id="RFC8174">[RFC8174]</dt>
-        <dd>
-<span class="refAuthor">Leiba, B.</span>, <span class="refTitle">"Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words"</span>, <span class="seriesInfo">BCP 14</span>, <span class="seriesInfo">RFC 8174</span>, <span class="seriesInfo">DOI 10.17487/RFC8174</span>, <time datetime="2017-05" class="refDate">May 2017</time>, <span>&lt;<a href="https://www.rfc-editor.org/rfc/rfc8174">https://www.rfc-editor.org/rfc/rfc8174</a>&gt;</span>. </dd>
-<dd class="break"></dd>
-<dt id="X680">[X680]</dt>
-        <dd>
-<span class="refAuthor">ITU-T</span>, <span class="refTitle">"Information technology - Abstract Syntax Notation One (ASN.1): Specification of basic notation"</span>, <span class="seriesInfo">ISO/IEC 8824-1:2021</span>, <time datetime="2021-02" class="refDate">February 2021</time>, <span>&lt;<a href="https://www.itu.int/rec/T-REC-X.680">https://www.itu.int/rec/T-REC-X.680</a>&gt;</span>. </dd>
-<dd class="break"></dd>
-<dt id="X690">[X690]</dt>
-      <dd>
-<span class="refAuthor">ITU-T</span>, <span class="refTitle">"Information technology - Abstract Syntax Notation One (ASN.1): ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER)"</span>, <span class="seriesInfo">ISO/IEC 8825-1:2021</span>, <time datetime="2021-02" class="refDate">February 2021</time>, <span>&lt;<a href="https://www.itu.int/rec/T-REC-X.690">https://www.itu.int/rec/T-REC-X.690</a>&gt;</span>. </dd>
-<dd class="break"></dd>
-</dl>
-</section>
-</div>
-<div id="sec-informative-references">
-<section id="section-10.2">
-        <h3 id="name-informative-references">
-<a href="#section-10.2" class="section-number selfRef">10.2. </a><a href="#name-informative-references" class="section-name selfRef">Informative References</a>
-        </h3>
-<dl class="references">
-<dt id="I-D.celi-wiggers-tls-authkem">[I-D.celi-wiggers-tls-authkem]</dt>
-        <dd>
-<span class="refAuthor">Wiggers, T.</span>, <span class="refAuthor">Celi, S.</span>, <span class="refAuthor">Schwabe, P.</span>, <span class="refAuthor">Stebila, D.</span>, and <span class="refAuthor">N. Sullivan</span>, <span class="refTitle">"KEM-based Authentication for TLS 1.3"</span>, <span class="refContent">Work in Progress</span>, <span class="seriesInfo">Internet-Draft, draft-celi-wiggers-tls-authkem-02</span>, <time datetime="2023-08-18" class="refDate">18 August 2023</time>, <span>&lt;<a href="https://datatracker.ietf.org/doc/html/draft-celi-wiggers-tls-authkem-02">https://datatracker.ietf.org/doc/html/draft-celi-wiggers-tls-authkem-02</a>&gt;</span>. </dd>
-<dd class="break"></dd>
-<dt id="I-D.ietf-lamps-kyber">[I-D.ietf-lamps-kyber]</dt>
-        <dd>
-<span class="refAuthor">Prat, J.</span> and <span class="refAuthor">M. Ounsworth</span>, <span class="refTitle">"Use of KYBER in the Cryptographic Message Syntax (CMS)"</span>, <span class="refContent">Work in Progress</span>, <span class="seriesInfo">Internet-Draft, draft-ietf-lamps-kyber-00</span>, <time datetime="2022-11-10" class="refDate">10 November 2022</time>, <span>&lt;<a href="https://datatracker.ietf.org/doc/html/draft-ietf-lamps-kyber-00">https://datatracker.ietf.org/doc/html/draft-ietf-lamps-kyber-00</a>&gt;</span>. </dd>
-<dd class="break"></dd>
-<dt id="PQCProj">[PQCProj]</dt>
-        <dd>
-<span class="refAuthor">National Institute of Standards and Technology</span>, <span class="refTitle">"Post-Quantum Cryptography Project"</span>, <time datetime="2016-12-20" class="refDate">20 December 2016</time>, <span>&lt;<a href="https://csrc.nist.gov/projects/post-quantum-cryptography">https://csrc.nist.gov/projects/post-quantum-cryptography</a>&gt;</span>. </dd>
-<dd class="break"></dd>
-<dt id="RFC7468">[RFC7468]</dt>
-      <dd>
-<span class="refAuthor">Josefsson, S.</span> and <span class="refAuthor">S. Leonard</span>, <span class="refTitle">"Textual Encodings of PKIX, PKCS, and CMS Structures"</span>, <span class="seriesInfo">RFC 7468</span>, <span class="seriesInfo">DOI 10.17487/RFC7468</span>, <time datetime="2015-04" class="refDate">April 2015</time>, <span>&lt;<a href="https://www.rfc-editor.org/rfc/rfc7468">https://www.rfc-editor.org/rfc/rfc7468</a>&gt;</span>. </dd>
-<dd class="break"></dd>
-</dl>
-</section>
-</div>
-</section>
-<div id="acknowledgments">
-<section id="appendix-A">
-      <h2 id="name-acknowledgments">
-<a href="#name-acknowledgments" class="section-name selfRef">Acknowledgments</a>
-      </h2>
-<p id="appendix-A-1">TODO acknowledge.<a href="#appendix-A-1" class="pilcrow">¶</a></p>
-</section>
-</div>
-<div id="authors-addresses">
-<section id="appendix-B">
-      <h2 id="name-authors-addresses">
-<a href="#name-authors-addresses" class="section-name selfRef">Authors' Addresses</a>
-      </h2>
-<address class="vcard">
-        <div dir="auto" class="left"><span class="fn nameRole">Sean Turner</span></div>
-<div dir="auto" class="left"><span class="org">sn3rd</span></div>
-<div class="email">
-<span>Email:</span>
-<a href="mailto:sean@sn3rd.com" class="email">sean@sn3rd.com</a>
-</div>
-</address>
-<address class="vcard">
-        <div dir="auto" class="left"><span class="fn nameRole">Panos Kampanakis</span></div>
-<div dir="auto" class="left"><span class="org">AWS</span></div>
-<div class="email">
-<span>Email:</span>
-<a href="mailto:kpanos@amazon.com" class="email">kpanos@amazon.com</a>
-</div>
-</address>
-<address class="vcard">
-        <div dir="auto" class="left"><span class="fn nameRole">Jake Massimo</span></div>
-<div dir="auto" class="left"><span class="org">AWS</span></div>
-<div class="email">
-<span>Email:</span>
-<a href="mailto:jakemas@amazon.com" class="email">jakemas@amazon.com</a>
-</div>
-</address>
-<address class="vcard">
-        <div dir="auto" class="left"><span class="fn nameRole">Bas Westerbaan</span></div>
-<div dir="auto" class="left"><span class="org">Cloudflare</span></div>
-<div class="email">
-<span>Email:</span>
-<a href="mailto:bas@westerbaan.name" class="email">bas@westerbaan.name</a>
-</div>
-</address>
-</section>
-</div>
-<script>const toc = document.getElementById("toc");
-toc.querySelector("h2").addEventListener("click", e => {
-  toc.classList.toggle("active");
-});
-toc.querySelector("nav").addEventListener("click", e => {
-  toc.classList.remove("active");
-});
-</script>
-</body>
-</html>
diff --git a/seanturner-md-fix/draft-ietf-lamps-kyber-certificates.txt b/seanturner-md-fix/draft-ietf-lamps-kyber-certificates.txt
deleted file mode 100644
index 6a0a473..0000000
--- a/seanturner-md-fix/draft-ietf-lamps-kyber-certificates.txt
+++ /dev/null
@@ -1,415 +0,0 @@
-
-
-
-
-LAMPS                                                          S. Turner
-Internet-Draft                                                     sn3rd
-Intended status: Standards Track                           P. Kampanakis
-Expires: 8 May 2024                                           J. Massimo
-                                                                     AWS
-                                                           B. Westerbaan
-                                                              Cloudflare
-                                                         5 November 2023
-
-
-  Internet X.509 Public Key Infrastructure - Algorithm Identifiers for
-                                 Kyber
-               draft-ietf-lamps-kyber-certificates-latest
-
-Abstract
-
-   Kyber is a key-encapsulation mechanism (KEM).  This document
-   specifies algorithm identifiers and ASN.1 encoding format for Kyber
-   in public key certificates.  The encoding for public and private keys
-   are also provided.
-
-   [EDNOTE: This document is not expected to be finalized before the
-   NIST PQC Project has standardized PQ algorithms.  This specification
-   will use object identifiers for the new algorithms that are assigned
-   by NIST, and will use placeholders until these are released.]
-
-About This Document
-
-   This note is to be removed before publishing as an RFC.
-
-   The latest revision of this draft can be found at https://lamps-
-   wg.github.io/kyber-certificates/#go.draft-ietf-lamps-kyber-
-   certificates.html.  Status information for this document may be found
-   at https://datatracker.ietf.org/doc/draft-ietf-lamps-kyber-
-   certificates/.
-
-   Discussion of this document takes place on the Limited Additional
-   Mechanisms for PKIX and SMIME (lamps) Working Group mailing list
-   (mailto:spasm@ietf.org), which is archived at
-   https://mailarchive.ietf.org/arch/browse/spasm/.  Subscribe at
-   https://www.ietf.org/mailman/listinfo/spasm/.
-
-   Source for this draft and an issue tracker can be found at
-   https://github.com/lamps-wg/kyber-certificates.
-
-Status of This Memo
-
-   This Internet-Draft is submitted in full conformance with the
-   provisions of BCP 78 and BCP 79.
-
-   Internet-Drafts are working documents of the Internet Engineering
-   Task Force (IETF).  Note that other groups may also distribute
-   working documents as Internet-Drafts.  The list of current Internet-
-   Drafts is at https://datatracker.ietf.org/drafts/current/.
-
-   Internet-Drafts are draft documents valid for a maximum of six months
-   and may be updated, replaced, or obsoleted by other documents at any
-   time.  It is inappropriate to use Internet-Drafts as reference
-   material or to cite them other than as "work in progress."
-
-   This Internet-Draft will expire on 8 May 2024.
-
-Copyright Notice
-
-   Copyright (c) 2023 IETF Trust and the persons identified as the
-   document authors.  All rights reserved.
-
-   This document is subject to BCP 78 and the IETF Trust's Legal
-   Provisions Relating to IETF Documents (https://trustee.ietf.org/
-   license-info) in effect on the date of publication of this document.
-   Please review these documents carefully, as they describe your rights
-   and restrictions with respect to this document.  Code Components
-   extracted from this document must include Revised BSD License text as
-   described in Section 4.e of the Trust Legal Provisions and are
-   provided without warranty as described in the Revised BSD License.
-
-Table of Contents
-
-   1.  Introduction
-     1.1.  ASN.1 and Kyber Identifiers
-     1.2.  Applicability Statement
-   2.  Conventions and Definitions
-   3.  Algorithm Identifiers
-   4.  Kyber Public Key Identifiers
-   5.  Subject Public Key Fields
-   6.  Private Key Format
-   7.  ASN.1 Module
-   8.  Security Considerations
-   9.  IANA Considerations
-   10. References
-     10.1.  Normative References
-     10.2.  Informative References
-   Acknowledgments
-   Authors' Addresses
-
-1.  Introduction
-
-   Kyber is a key-encapsulation mechanism (KEM) standardized by the US
-   NIST PQC Project [PQCProj].  This document specifies the use of the
-   Kyber algorithm at three security levels: Kyber512, Kyber768, and
-   Kyber1024, in X.509 public key certificates; see [RFC5280].  Public
-   and private key encodings are also specified.
-
-1.1.  ASN.1 and Kyber Identifiers
-
-   An ASN.1 module [X680] is included for reference purposes.  Note that
-   as per [RFC5280], certificates use the Distinguished Encoding Rules;
-   see [X690].  Also note that NIST defined the object identifiers for
-   the Kyber algorithms in an ASN.1 modulle; see (TODO insert
-   reference).
-
-1.2.  Applicability Statement
-
-   Kyber certificates are used in protocols where the public key is used
-   to generate and encapsulate a shared secret used to derive a
-   symmetric key used to encrypt a payload; see [I-D.ietf-lamps-kyber].
-   To be used in TLS, Kyber certificates could only be used as end-
-   entity identity certificates and would require significant updates to
-   the protocol; see [I-D.celi-wiggers-tls-authkem].
-
-2.  Conventions and Definitions
-
-   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
-   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
-   "OPTIONAL" in this document are to be interpreted as described in
-   BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
-   capitals, as shown here.
-
-3.  Algorithm Identifiers
-
-   Certificates conforming to [RFC5280] can convey a public key for any
-   public key algorithm.  The certificate indicates the algorithm
-   through an algorithm identifier.  An algorithm identifier consists of
-   an object identifier and optional parameters.
-
-   The AlgorithmIdentifier type, which is included herein for
-   convenience, is defined as follows:
-
-    AlgorithmIdentifier{ALGORITHM-TYPE, ALGORITHM-TYPE:AlgorithmSet} ::=
-      SEQUENCE {
-        algorithm   ALGORITHM-TYPE.&id({AlgorithmSet}),
-        parameters  ALGORITHM-TYPE.
-                      &Params({AlgorithmSet}{@algorithm}) OPTIONAL
-      }
-
-      |  NOTE: The above syntax is from [RFC5912] and is compatible with
-      |  the 2021 ASN.1 syntax [X680].
-
-   The fields in AlgorithmIdentifier have the following meanings:
-
-   *  algorithm identifies the cryptographic algorithm with an object
-      identifier.
-
-   *  parameters, which are optional, are the associated parameters for
-      the algorithm identifier in the algorithm field.
-
-   Section 4 includes object identifiers for Kyber-512, Kyber-768, and
-   Kyber-1024.  For all of these OIDs, the parameters MUST be absent.
-
-      |  NOTE: It is possible to find systems that require the
-      |  parameters to be present.  This can be due to either a defect
-      |  in the original 1997 syntax or a programming error where
-      |  developers never got input where this was not true.  The
-      |  optimal solution is to fix these systems; where this is not
-      |  possible, the problem needs to be restricted to that subsystem
-      |  and not propagated to the Internet.
-
-4.  Kyber Public Key Identifiers
-
-   The AlgorithmIdentifier for a Kyber public key MUST use one of the
-   id-alg-kyber object identifiers listed below, based on the security
-   level.  The parameters field of the AlgorithmIdentifier for the Kyber
-   public key MUST be absent.
-
-   When any of the Kyber AlgorithmIdentifier appears in the
-   SubjectPublicKeyInfo field of an X.509 certificate, the key usage
-   certificate extension MUST only contain keyEncipherment
-   Section 4.2.1.3 of [RFC5280].
-
-     pk-kyber-512 PUBLIC-KEY ::= {
-       IDENTIFIER id-alg-kyber-512
-       -- KEY no ASN.1 wrapping --
-       PARAMS ARE absent
-       CERT-KEY-USAGE
-         { keyEncipherment }
-       --- PRIVATE-KEY no ASN.1 wrapping --
-       }
-
-     pk-kyber-768 PUBLIC-KEY ::= {
-       IDENTIFIER id-alg-kyber-768
-       -- KEY no ASN.1 wrapping --
-       PARAMS ARE absent
-       CERT-KEY-USAGE
-         { keyEncipherment }
-       --- PRIVATE-KEY no ASN.1 wrapping --
-       }
-
-     pk-kyber-1024 PUBLIC-KEY ::= {
-       IDENTIFIER id-alg-kyber-1024
-       -- KEY no ASN.1 wrapping --
-       PARAMS ARE absent
-       CERT-KEY-USAGE
-         { keyEncipherment }
-       --- PRIVATE-KEY no ASN.1 wrapping --
-       }
-
-      |  NOTE: As noted in Section 3, the values for these object
-      |  identifers will be assigned by NIST.  Once assigned, they will
-      |  be added to a future revision of this document.
-
-5.  Subject Public Key Fields
-
-   In the X.509 certificate, the subjectPublicKeyInfo field has the
-   SubjectPublicKeyInfo type, which has the following ASN.1 syntax:
-
-     SubjectPublicKeyInfo {PUBLIC-KEY: IOSet} ::= SEQUENCE {
-         algorithm        AlgorithmIdentifier {PUBLIC-KEY, {IOSet}},
-         subjectPublicKey BIT STRING
-     }
-
-      |  NOTE: The above syntax is from [RFC5912] and is compatible with
-      |  the 2021 ASN.1 syntax [X680].
-
-   The fields in SubjectPublicKeyInfo have the following meaning:
-
-   *  algorithm is the algorithm identifier and parameters for the
-      public key (see above).
-
-   *  subjectPublicKey contains the byte stream of the public key.  The
-      algorithms defined in this document always encode the public key
-      as TODO pick format e.g., exact multiple of 8 bits?.
-
-   The following is an example of a Kyber-512 public key encoded using
-   the textual encoding defined in [RFC7468]:
-
-     -----BEGIN PUBLIC KEY-----
-     TODO insert example public key
-     -----END PUBLIC KEY-------
-
-6.  Private Key Format
-
-   "Asymmetric Key Packages" [RFC5958] describes how to encode a private
-   key in a structure that both identifies what algorithm the private
-   key is for and allows for the public key and additional attributes
-   about the key to be included as well.  For illustration, the ASN.1
-   structure OneAsymmetricKey is replicated below.  The algorithm-
-   specific details of how a private key is encoded are left for the
-   document describing the algorithm itself.
-
-     OneAsymmetricKey ::= SEQUENCE {
-       version                  Version,
-       privateKeyAlgorithm      SEQUENCE {
-       algorithm                PUBLIC-KEY.&id({PublicKeySet}),
-       parameters               PUBLIC-KEY.&Params({PublicKeySet}
-                                  {@privateKeyAlgorithm.algorithm})
-                                     OPTIONAL}
-       privateKey               OCTET STRING (CONTAINING
-                                  PUBLIC-KEY.&PrivateKey({PublicKeySet}
-                                    {@privateKeyAlgorithm.algorithm})),
-       attributes           [0] Attributes OPTIONAL,
-       ...,
-       [[2: publicKey       [1] BIT STRING (CONTAINING
-                                  PUBLIC-KEY.&Params({PublicKeySet}
-                                    {@privateKeyAlgorithm.algorithm})
-                                    OPTIONAL,
-       ...
-     }
-
-     PrivateKey ::= OCTET STRING
-
-     PublicKey ::= BIT STRING
-
-      |  NOTE: The above syntax is from [RFC5958] and is compatible with
-      |  the 2021 ASN.1 syntax [X680].
-
-   For the keys defined in this document, the private key is always an
-   opaque byte sequence.  The ASN.1 type PqckemPrivateKey is defined in
-   this document to hold the byte sequence.  Thus, when encoding a
-   OneAsymmetricKey object, the private key is wrapped in a
-   PqckemPrivateKey object and wrapped by the OCTET STRING of the
-   "privateKey" field.
-
-     PqckemPrivateKey ::= OCTET STRING
-
-   The following is an example of a Kyber-512 private key encoded using
-   the textual encoding defined in [RFC7468]:
-
-     -----BEGIN PRIVATE KEY-----
-     TODO iser example private key
-     -----END PRIVATE KEY-------
-
-   The following example, in addition to encoding the Kyber-512 private
-   key, has an attribute included as well as the public key.  As with
-   the prior example, the textual encoding defined in [RFC7468] is used:
-
-     -----BEGIN PRIVATE KEY-----
-     TODO insert example private key with attribute
-     -----END PRIVATE KEY-------
-
-      |  NOTE: There exist some private key import functions that have
-      |  not implemented the new ASN.1 structure OneAsymmetricKey that
-      |  is defined in [RFC5958].  This means that they will not accept
-      |  a private key structure that contains the public key field.
-      |  This means a balancing act needs to be done between being able
-      |  to do a consistency check on the key pair and widest ability to
-      |  import the key.
-
-7.  ASN.1 Module
-
-   TODO ASN.1 Module
-
-8.  Security Considerations
-
-   The Security Considerations section of [RFC5280] applies to this
-   specification as well.
-
-      |  To Do: Discuss side-channels for Kyber TBD1.
-
-9.  IANA Considerations
-
-   This document will have some IANA actions.
-
-10.  References
-
-10.1.  Normative References
-
-   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
-              Requirement Levels", BCP 14, RFC 2119,
-              DOI 10.17487/RFC2119, March 1997,
-              <https://www.rfc-editor.org/rfc/rfc2119>.
-
-   [RFC5280]  Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
-              Housley, R., and W. Polk, "Internet X.509 Public Key
-              Infrastructure Certificate and Certificate Revocation List
-              (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008,
-              <https://www.rfc-editor.org/rfc/rfc5280>.
-
-   [RFC5912]  Hoffman, P. and J. Schaad, "New ASN.1 Modules for the
-              Public Key Infrastructure Using X.509 (PKIX)", RFC 5912,
-              DOI 10.17487/RFC5912, June 2010,
-              <https://www.rfc-editor.org/rfc/rfc5912>.
-
-   [RFC5958]  Turner, S., "Asymmetric Key Packages", RFC 5958,
-              DOI 10.17487/RFC5958, August 2010,
-              <https://www.rfc-editor.org/rfc/rfc5958>.
-
-   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
-              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
-              May 2017, <https://www.rfc-editor.org/rfc/rfc8174>.
-
-   [X680]     ITU-T, "Information technology - Abstract Syntax Notation
-              One (ASN.1): Specification of basic notation", ISO/
-              IEC 8824-1:2021, February 2021,
-              <https://www.itu.int/rec/T-REC-X.680>.
-
-   [X690]     ITU-T, "Information technology - Abstract Syntax Notation
-              One (ASN.1): ASN.1 encoding rules: Specification of Basic
-              Encoding Rules (BER), Canonical Encoding Rules (CER) and
-              Distinguished Encoding Rules (DER)", ISO/IEC 8825-1:2021,
-              February 2021, <https://www.itu.int/rec/T-REC-X.690>.
-
-10.2.  Informative References
-
-   [I-D.celi-wiggers-tls-authkem]
-              Wiggers, T., Celi, S., Schwabe, P., Stebila, D., and N.
-              Sullivan, "KEM-based Authentication for TLS 1.3", Work in
-              Progress, Internet-Draft, draft-celi-wiggers-tls-authkem-
-              02, 18 August 2023,
-              <https://datatracker.ietf.org/doc/html/draft-celi-wiggers-
-              tls-authkem-02>.
-
-   [I-D.ietf-lamps-kyber]
-              Prat, J. and M. Ounsworth, "Use of KYBER in the
-              Cryptographic Message Syntax (CMS)", Work in Progress,
-              Internet-Draft, draft-ietf-lamps-kyber-00, 10 November
-              2022, <https://datatracker.ietf.org/doc/html/draft-ietf-
-              lamps-kyber-00>.
-
-   [PQCProj]  National Institute of Standards and Technology, "Post-
-              Quantum Cryptography Project", 20 December 2016,
-              <https://csrc.nist.gov/projects/post-quantum-
-              cryptography>.
-
-   [RFC7468]  Josefsson, S. and S. Leonard, "Textual Encodings of PKIX,
-              PKCS, and CMS Structures", RFC 7468, DOI 10.17487/RFC7468,
-              April 2015, <https://www.rfc-editor.org/rfc/rfc7468>.
-
-Acknowledgments
-
-   TODO acknowledge.
-
-Authors' Addresses
-
-   Sean Turner
-   sn3rd
-   Email: sean@sn3rd.com
-
-
-   Panos Kampanakis
-   AWS
-   Email: kpanos@amazon.com
-
-
-   Jake Massimo
-   AWS
-   Email: jakemas@amazon.com
-
-
-   Bas Westerbaan
-   Cloudflare
-   Email: bas@westerbaan.name
diff --git a/seanturner-md-fix/index.html b/seanturner-md-fix/index.html
deleted file mode 100644
index 9213591..0000000
--- a/seanturner-md-fix/index.html
+++ /dev/null
@@ -1,50 +0,0 @@
-<!DOCTYPE html>
-<html>
-  <head>
-    <title>lamps-wg/kyber-certificates seanturner-md-fix preview</title>
-    <meta name="viewport" content="initial-scale=1.0">
-    <style type="text/css">/*<![CDATA[*/
-      body { font-family: "Helvetica Neue","Open Sans", Helvetica, Calibri,sans-serif; }
-      h1, h2, td { font-family: "Helvetica Neue", "Roboto Condensed", "Open Sans", Helvetica, Calibri, sans-serif; }
-      h1 { font-size: 20px; } h2 { font-size: 16px; }
-      table { margin: 5px 10px; border-collapse: collapse; }
-      th, td { font-weight: normal; text-align: left; padding: 2px 5px; }
-      a:link { color: #000; } a:visited { color: #00a; }
-    /*]]>*/</style>
-  </head>
-  <body>
-    <h1>Editor's drafts for seanturner-md-fix branch of <a href="https://github.com/lamps-wg/kyber-certificates/tree/seanturner-md-fix">lamps-wg/kyber-certificates</a></h1>
-    <table id="branch-seanturner-md-fix">
-      <tr>
-        <td><a href="./draft-ietf-lamps-kyber-certificates.html" class="html draft-ietf-lamps-kyber-certificates" title="Internet X.509 Public Key Infrastructure - Algorithm Identifiers for Kyber (HTML)">PQC Kyber in Certificates</a></td>
-        <td><a href="./draft-ietf-lamps-kyber-certificates.txt" class="txt draft-ietf-lamps-kyber-certificates" title="Internet X.509 Public Key Infrastructure - Algorithm Identifiers for Kyber (Text)">plain text</a></td>
-        <td>same as main</td>
-      </tr>
-      <tr>
-        <td><a href="./draft-turner-lamps-nist-pqc-kem-certificates.html" class="html draft-turner-lamps-nist-pqc-kem-certificates" title="Algorithm Identifiers for NIST's PQC Algorithms for Use in the Internet X.509 Public Key Infrastructure (HTML)">PQC KEM for Certificates</a></td>
-        <td><a href="./draft-turner-lamps-nist-pqc-kem-certificates.txt" class="txt draft-turner-lamps-nist-pqc-kem-certificates" title="Algorithm Identifiers for NIST's PQC Algorithms for Use in the Internet X.509 Public Key Infrastructure (Text)">plain text</a></td>
-        <td>same as main</td>
-      </tr>
-    </table>
-    <script>
-window.onload = function() {
-  var referrer_branch = 'main';
-  // e.g., "https://github.com/user/repo/tree/main"
-  var chunks = document.referrer.split("/");
-  if (chunks[2] === 'github.com' && chunks[5] === 'tree') {
-    referrer_branch = chunks[6];
-  }
-  let branch = document.querySelector('#branch-' + referrer_branch);
-  let h = document.location.hash.substring(1);
-  if (h === 'show') {
-    document.location.hash = '#' + branch.id;
-  } else if (branch && h.startsWith('go')) {
-    let e = branch.querySelector(h.substring(2));
-    if (e && e.href) {
-      document.location = e.href;
-    }
-  }
-};
-    </script>
-  </body>
-</html>
diff --git a/draft-ietf-lamps-kyber-certificates-02/draft-ietf-lamps-kyber-certificates.html b/seanturner-name-change/draft-ietf-lamps-kyber-certificates.html
similarity index 92%
rename from draft-ietf-lamps-kyber-certificates-02/draft-ietf-lamps-kyber-certificates.html
rename to seanturner-name-change/draft-ietf-lamps-kyber-certificates.html
index 63e1820..b2dd06b 100644
--- a/draft-ietf-lamps-kyber-certificates-02/draft-ietf-lamps-kyber-certificates.html
+++ b/seanturner-name-change/draft-ietf-lamps-kyber-certificates.html
@@ -4,40 +4,41 @@
 <meta charset="utf-8">
 <meta content="Common,Latin" name="scripts">
 <meta content="initial-scale=1.0" name="viewport">
-<title>Internet X.509 Public Key Infrastructure - Algorithm Identifiers for Kyber</title>
+<title>Internet X.509 Public Key Infrastructure - Algorithm Identifiers for Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM)</title>
 <meta content="Sean Turner" name="author">
 <meta content="Panos Kampanakis" name="author">
 <meta content="Jake Massimo" name="author">
 <meta content="Bas Westerbaan" name="author">
 <meta content="
-       Kyber is a key-encapsulation mechanism (KEM). This document specifies
-algorithm identifiers and ASN.1 encoding format for Kyber in public
-key certificates. The encoding for public and private keys are also
-provided. 
+       Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM), also
+known as Kyber, is a key-encapsulation mechanism (KEM). This
+document specifies algorithm identifiers and ASN.1 encoding
+format for ML-KEM in public key certificates. The encoding for
+public and private keys are also provided. 
        \ [EDNOTE:
 This document is not expected to be finalized before the NIST PQC
 Project has standardized PQ algorithms. This specification will use
 object identifiers for the new algorithms that are assigned by NIST,
 and will use placeholders until these are released. 
     " name="description">
-<meta content="xml2rfc 3.18.2" name="generator">
+<meta content="xml2rfc 3.19.0" name="generator">
 <meta content="Kyber KEM Certificate X.509 PKIX" name="keyword">
 <meta content="draft-ietf-lamps-kyber-certificates-latest" name="ietf.draft">
 <!-- Generator version information:
-  xml2rfc 3.18.2
+  xml2rfc 3.19.0
     Python 3.11.6
-    ConfigArgParse 1.5.3
+    ConfigArgParse 1.7
     google-i18n-address 3.1.0
     intervaltree 3.1.0
     Jinja2 3.1.2
     lxml 4.9.3
-    platformdirs 3.11.0
+    platformdirs 4.1.0
     pycountry 22.3.5
-    PyYAML 6.0
+    PyYAML 6.0.1
     requests 2.31.0
-    setuptools 67.7.2
+    setuptools 68.2.2
     six 1.16.0
-    wcwidth 0.2.8
+    wcwidth 0.2.12
 -->
 <link href="draft-ietf-lamps-kyber-certificates.xml" rel="alternate" type="application/rfc+xml">
 <link href="#copyright" rel="license">
@@ -1035,12 +1036,12 @@
 <table class="ears">
 <thead><tr>
 <td class="left">Internet-Draft</td>
-<td class="center">PQC Kyber in Certificates</td>
-<td class="right">October 2023</td>
+<td class="center">ML-KEM in Certificates</td>
+<td class="right">December 2023</td>
 </tr></thead>
 <tfoot><tr>
 <td class="left">Turner, et al.</td>
-<td class="center">Expires 25 April 2024</td>
+<td class="center">Expires 22 June 2024</td>
 <td class="right">[Page]</td>
 </tr></tfoot>
 </table>
@@ -1053,12 +1054,12 @@
 <dd class="internet-draft">draft-ietf-lamps-kyber-certificates-latest</dd>
 <dt class="label-published">Published:</dt>
 <dd class="published">
-<time datetime="2023-10-23" class="published">23 October 2023</time>
+<time datetime="2023-12-20" class="published">20 December 2023</time>
     </dd>
 <dt class="label-intended-status">Intended Status:</dt>
 <dd class="intended-status">Standards Track</dd>
 <dt class="label-expires">Expires:</dt>
-<dd class="expires"><time datetime="2024-04-25">25 April 2024</time></dd>
+<dd class="expires"><time datetime="2024-06-22">22 June 2024</time></dd>
 <dt class="label-authors">Authors:</dt>
 <dd class="authors">
 <div class="author">
@@ -1080,13 +1081,14 @@
 </dd>
 </dl>
 </div>
-<h1 id="title">Internet X.509 Public Key Infrastructure - Algorithm Identifiers for Kyber</h1>
+<h1 id="title">Internet X.509 Public Key Infrastructure - Algorithm Identifiers for Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM)</h1>
 <section id="section-abstract">
       <h2 id="abstract"><a href="#abstract" class="selfRef">Abstract</a></h2>
-<p id="section-abstract-1">Kyber is a key-encapsulation mechanism (KEM). This document specifies
-algorithm identifiers and ASN.1 encoding format for Kyber in public
-key certificates. The encoding for public and private keys are also
-provided.<a href="#section-abstract-1" class="pilcrow">¶</a></p>
+<p id="section-abstract-1">Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM), also
+known as Kyber, is a key-encapsulation mechanism (KEM). This
+document specifies algorithm identifiers and ASN.1 encoding
+format for ML-KEM in public key certificates. The encoding for
+public and private keys are also provided.<a href="#section-abstract-1" class="pilcrow">¶</a></p>
 <p id="section-abstract-2">\ [EDNOTE:
 This document is not expected to be finalized before the NIST PQC
 Project has standardized PQ algorithms. This specification will use
@@ -1128,7 +1130,7 @@ <h2 id="name-status-of-this-memo">
         time. It is inappropriate to use Internet-Drafts as reference
         material or to cite them other than as "work in progress."<a href="#section-boilerplate.1-3" class="pilcrow">¶</a></p>
 <p id="section-boilerplate.1-4">
-        This Internet-Draft will expire on 25 April 2024.<a href="#section-boilerplate.1-4" class="pilcrow">¶</a></p>
+        This Internet-Draft will expire on 22 June 2024.<a href="#section-boilerplate.1-4" class="pilcrow">¶</a></p>
 </section>
 </div>
 <div id="copyright">
@@ -1161,7 +1163,7 @@ <h2 id="name-copyright-notice">
             <p id="section-toc.1-1.1.1" class="keepWithNext"><a href="#section-1" class="auto internal xref">1</a>.  <a href="#name-introduction" class="internal xref">Introduction</a></p>
 <ul class="compact toc ulBare ulEmpty">
 <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.1.2.1">
-                <p id="section-toc.1-1.1.2.1.1" class="keepWithNext"><a href="#section-1.1" class="auto internal xref">1.1</a>.  <a href="#name-asn1-and-kyber-identifiers" class="internal xref">ASN.1 and Kyber Identifiers</a></p>
+                <p id="section-toc.1-1.1.2.1.1" class="keepWithNext"><a href="#section-1.1" class="auto internal xref">1.1</a>.  <a href="#name-asn1-and-ml-kem-identifiers" class="internal xref">ASN.1 and ML-KEM Identifiers</a></p>
 </li>
               <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.1.2.2">
                 <p id="section-toc.1-1.1.2.2.1" class="keepWithNext"><a href="#section-1.2" class="auto internal xref">1.2</a>.  <a href="#name-applicability-statement" class="internal xref">Applicability Statement</a></p>
@@ -1175,7 +1177,7 @@ <h2 id="name-copyright-notice">
             <p id="section-toc.1-1.3.1"><a href="#section-3" class="auto internal xref">3</a>.  <a href="#name-algorithm-identifiers" class="internal xref">Algorithm Identifiers</a></p>
 </li>
           <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.4">
-            <p id="section-toc.1-1.4.1"><a href="#section-4" class="auto internal xref">4</a>.  <a href="#name-kyber-public-key-identifier" class="internal xref">Kyber Public Key Identifiers</a></p>
+            <p id="section-toc.1-1.4.1"><a href="#section-4" class="auto internal xref">4</a>.  <a href="#name-ml-kem-public-key-identifie" class="internal xref">ML-KEM Public Key Identifiers</a></p>
 </li>
           <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.5">
             <p id="section-toc.1-1.5.1"><a href="#section-5" class="auto internal xref">5</a>.  <a href="#name-subject-public-key-fields" class="internal xref">Subject Public Key Fields</a></p>
@@ -1218,20 +1220,21 @@ <h2 id="name-copyright-notice">
       <h2 id="name-introduction">
 <a href="#section-1" class="section-number selfRef">1. </a><a href="#name-introduction" class="section-name selfRef">Introduction</a>
       </h2>
-<p id="section-1-1">Kyber is a key-encapsulation mechanism (KEM) standardized by the US NIST
-PQC Project <span>[<a href="#PQCProj" class="cite xref">PQCProj</a>]</span>. This document specifies the use of the Kyber
-algorithm at three security levels: Kyber512, Kyber768, and Kyber1024,
-in X.509 public key certificates; see <span>[<a href="#RFC5280" class="cite xref">RFC5280</a>]</span>. Public and private
-key encodings are also specified.<a href="#section-1-1" class="pilcrow">¶</a></p>
-<div id="asn1-and-kyber-identifiers">
+<p id="section-1-1">Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM), also
+known as Kyber, is a key-encapsulation mechanism (KEM) standardized
+by the US NIST PQC Project <span>[<a href="#DRAFTFIPS203" class="cite xref">DRAFTFIPS203</a>]</span>. This document specifies the
+use of the ML-KEM algorithm at three security levels: ML-KEM-512,
+ML-KEM-768, and ML-KEM-1024, in X.509 public key certificates; see
+<span>[<a href="#RFC5280" class="cite xref">RFC5280</a>]</span>. Public and private key encodings are also specified.<a href="#section-1-1" class="pilcrow">¶</a></p>
+<div id="asn1-and-ml-kem-identifiers">
 <section id="section-1.1">
-        <h3 id="name-asn1-and-kyber-identifiers">
-<a href="#section-1.1" class="section-number selfRef">1.1. </a><a href="#name-asn1-and-kyber-identifiers" class="section-name selfRef">ASN.1 and Kyber Identifiers</a>
+        <h3 id="name-asn1-and-ml-kem-identifiers">
+<a href="#section-1.1" class="section-number selfRef">1.1. </a><a href="#name-asn1-and-ml-kem-identifiers" class="section-name selfRef">ASN.1 and ML-KEM Identifiers</a>
         </h3>
 <p id="section-1.1-1">An ASN.1 module <span>[<a href="#X680" class="cite xref">X680</a>]</span> is included for reference purposes. Note that
 as per <span>[<a href="#RFC5280" class="cite xref">RFC5280</a>]</span>, certificates use the Distinguished Encoding Rules;
 see <span>[<a href="#X690" class="cite xref">X690</a>]</span>. Also note that NIST defined the object identifiers for
-the Kyber algorithms in an ASN.1 modulle; see (TODO insert reference).<a href="#section-1.1-1" class="pilcrow">¶</a></p>
+the ML-KEM algorithms in an ASN.1 modulle; see (TODO insert reference).<a href="#section-1.1-1" class="pilcrow">¶</a></p>
 </section>
 </div>
 <div id="applicability-statement">
@@ -1239,10 +1242,10 @@ <h3 id="name-asn1-and-kyber-identifiers">
         <h3 id="name-applicability-statement">
 <a href="#section-1.2" class="section-number selfRef">1.2. </a><a href="#name-applicability-statement" class="section-name selfRef">Applicability Statement</a>
         </h3>
-<p id="section-1.2-1">Kyber certificates are used in protocols where the public key is used to
+<p id="section-1.2-1">ML-KEM certificates are used in protocols where the public key is used to
 generate and encapsulate a shared secret used to derive a symmetric key used to
 encrypt a payload; see <span>[<a href="#I-D.ietf-lamps-kyber" class="cite xref">I-D.ietf-lamps-kyber</a>]</span>. To be used in
-TLS, Kyber certificates could only be used as end-entity identity
+TLS, ML-KEM certificates could only be used as end-entity identity
 certificates and would require significant updates to the protocol; see
 <span>[<a href="#I-D.celi-wiggers-tls-authkem" class="cite xref">I-D.celi-wiggers-tls-authkem</a>]</span>.<a href="#section-1.2-1" class="pilcrow">¶</a></p>
 </section>
@@ -1296,8 +1299,8 @@ <h2 id="name-algorithm-identifiers">
 the algorithm identifier in the algorithm field.<a href="#section-3-6.2.1" class="pilcrow">¶</a></p>
 </li>
       </ul>
-<p id="section-3-7"><a href="#Kyber-TBD1" class="auto internal xref">Section 4</a> includes object identifiers for Kyber-512, Kyber-768, and
-Kyber-1024. For all of these OIDs, the parameters <span class="bcp14">MUST</span> be absent.<a href="#section-3-7" class="pilcrow">¶</a></p>
+<p id="section-3-7"><a href="#ML-KEM-TBD1" class="auto internal xref">Section 4</a> includes object identifiers for ML-KEM-512, ML-KEM-768, and
+ML-KEM-1024. For all of these OIDs, the parameters <span class="bcp14">MUST</span> be absent.<a href="#section-3-7" class="pilcrow">¶</a></p>
 <aside id="section-3-8">
         <p id="section-3-8.1">: It is possible to find systems that require the parameters to be
   present. This can be due to either a defect in the original 1997
@@ -1308,23 +1311,23 @@ <h2 id="name-algorithm-identifiers">
 </aside>
 </section>
 </div>
-<div id="Kyber-TBD1">
+<div id="ML-KEM-TBD1">
 <section id="section-4">
-      <h2 id="name-kyber-public-key-identifier">
-<a href="#section-4" class="section-number selfRef">4. </a><a href="#name-kyber-public-key-identifier" class="section-name selfRef">Kyber Public Key Identifiers</a>
+      <h2 id="name-ml-kem-public-key-identifie">
+<a href="#section-4" class="section-number selfRef">4. </a><a href="#name-ml-kem-public-key-identifie" class="section-name selfRef">ML-KEM Public Key Identifiers</a>
       </h2>
-<p id="section-4-1">The AlgorithmIdentifier for a Kyber public key <span class="bcp14">MUST</span> use one of the
-id-alg-kyber object identifiers listed below, based on the security
-level. The parameters field of the AlgorithmIdentifier for the Kyber
+<p id="section-4-1">The AlgorithmIdentifier for a ML-KEM public key <span class="bcp14">MUST</span> use one of the
+id-alg-ml-kem object identifiers listed below, based on the security
+level. The parameters field of the AlgorithmIdentifier for the ML-KEM
 public key <span class="bcp14">MUST</span> be absent.<a href="#section-4-1" class="pilcrow">¶</a></p>
-<p id="section-4-2">When any of the Kyber AlgorithmIdentifier appears in the
+<p id="section-4-2">When any of the ML-KEM AlgorithmIdentifier appears in the
 SubjectPublicKeyInfo field of an X.509 certificate, the key usage
 certificate extension <span class="bcp14">MUST</span> only contain keyEncipherment
 <span><a href="https://rfc-editor.org/rfc/rfc5280#section-4.2.1.3" class="relref">Section 4.2.1.3</a> of [<a href="#RFC5280" class="cite xref">RFC5280</a>]</span>.<a href="#section-4-2" class="pilcrow">¶</a></p>
 <div class="alignLeft art-text artwork" id="section-4-3">
 <pre>
-  pk-kyber-512 PUBLIC-KEY ::= {
-    IDENTIFIER id-alg-kyber-512
+  pk-ml-kem-512 PUBLIC-KEY ::= {
+    IDENTIFIER id-alg-ml-kem-512
     -- KEY no ASN.1 wrapping --
     PARAMS ARE absent
     CERT-KEY-USAGE
@@ -1332,8 +1335,8 @@ <h2 id="name-kyber-public-key-identifier">
     --- PRIVATE-KEY no ASN.1 wrapping --
     }
 
-  pk-kyber-768 PUBLIC-KEY ::= {
-    IDENTIFIER id-alg-kyber-768
+  pk-ml-kem-768 PUBLIC-KEY ::= {
+    IDENTIFIER id-alg-ml-kem-768
     -- KEY no ASN.1 wrapping --
     PARAMS ARE absent
     CERT-KEY-USAGE
@@ -1341,8 +1344,8 @@ <h2 id="name-kyber-public-key-identifier">
     --- PRIVATE-KEY no ASN.1 wrapping --
     }
 
-  pk-kyber-1024 PUBLIC-KEY ::= {
-    IDENTIFIER id-alg-kyber-1024
+  pk-ml-kem-1024 PUBLIC-KEY ::= {
+    IDENTIFIER id-alg-ml-kem-1024
     -- KEY no ASN.1 wrapping --
     PARAMS ARE absent
     CERT-KEY-USAGE
@@ -1389,7 +1392,7 @@ <h2 id="name-subject-public-key-fields">
 as TODO pick format e.g., exact multiple of 8 bits?.<a href="#section-5-5.2.1" class="pilcrow">¶</a></p>
 </li>
       </ul>
-<p id="section-5-6">The following is an example of a Kyber-512 public key encoded using the
+<p id="section-5-6">The following is an example of a ML-KEM-512 public key encoded using the
 textual encoding defined in <span>[<a href="#RFC7468" class="cite xref">RFC7468</a>]</span>:<a href="#section-5-6" class="pilcrow">¶</a></p>
 <div class="alignLeft art-text artwork" id="section-5-7">
 <pre>
@@ -1453,7 +1456,7 @@ <h2 id="name-private-key-format">
   PqckemPrivateKey ::= OCTET STRING
 </pre><a href="#section-6-5" class="pilcrow">¶</a>
 </div>
-<p id="section-6-6">The following is an example of a Kyber-512 private key encoded using the
+<p id="section-6-6">The following is an example of a ML-KEM-512 private key encoded using the
 textual encoding defined in <span>[<a href="#RFC7468" class="cite xref">RFC7468</a>]</span>:<a href="#section-6-6" class="pilcrow">¶</a></p>
 <div class="alignLeft art-text artwork" id="section-6-7">
 <pre>
@@ -1462,7 +1465,7 @@ <h2 id="name-private-key-format">
   -----END PRIVATE KEY-------
 </pre><a href="#section-6-7" class="pilcrow">¶</a>
 </div>
-<p id="section-6-8">The following example, in addition to encoding the Kyber-512 private key,
+<p id="section-6-8">The following example, in addition to encoding the ML-KEM-512 private key,
 has an attribute included as well as the public key. As with the
 prior example, the textual encoding defined in <span>[<a href="#RFC7468" class="cite xref">RFC7468</a>]</span> is used:<a href="#section-6-8" class="pilcrow">¶</a></p>
 <div class="alignLeft art-text artwork" id="section-6-9">
@@ -1496,7 +1499,7 @@ <h2 id="name-security-considerations">
 <a href="#section-8" class="section-number selfRef">8. </a><a href="#name-security-considerations" class="section-name selfRef">Security Considerations</a>
       </h2>
 <p id="section-8-1">The Security Considerations section of <span>[<a href="#RFC5280" class="cite xref">RFC5280</a>]</span> applies to this specification as well.<a href="#section-8-1" class="pilcrow">¶</a></p>
-<p id="section-8-2">[EDNOTE: Discuss side-channels for Kyber TBD1.]<a href="#section-8-2" class="pilcrow">¶</a></p>
+<p id="section-8-2">[EDNOTE: Discuss side-channels for ML-KEM TBD1.]<a href="#section-8-2" class="pilcrow">¶</a></p>
 </section>
 </div>
 <div id="iana-considerations">
@@ -1554,6 +1557,10 @@ <h3 id="name-informative-references">
 <a href="#section-10.2" class="section-number selfRef">10.2. </a><a href="#name-informative-references" class="section-name selfRef">Informative References</a>
         </h3>
 <dl class="references">
+<dt id="DRAFTFIPS203">[DRAFTFIPS203]</dt>
+        <dd>
+<span class="refAuthor">National Institute of Standards and Technology (NIST)</span>, <span class="refTitle">"DRAFT Module-Lattice-based Key-Encapsulation Mechanism Standard"</span>, <span class="seriesInfo">FIPS PUB 203</span>, <time datetime="2023-08" class="refDate">August 2023</time>, <span>&lt;<a href="https://csrc.nist.gov/projects/post-quantum-cryptography">https://csrc.nist.gov/projects/post-quantum-cryptography</a>&gt;</span>. </dd>
+<dd class="break"></dd>
 <dt id="I-D.celi-wiggers-tls-authkem">[I-D.celi-wiggers-tls-authkem]</dt>
         <dd>
 <span class="refAuthor">Wiggers, T.</span>, <span class="refAuthor">Celi, S.</span>, <span class="refAuthor">Schwabe, P.</span>, <span class="refAuthor">Stebila, D.</span>, and <span class="refAuthor">N. Sullivan</span>, <span class="refTitle">"KEM-based Authentication for TLS 1.3"</span>, <span class="refContent">Work in Progress</span>, <span class="seriesInfo">Internet-Draft, draft-celi-wiggers-tls-authkem-02</span>, <time datetime="2023-08-18" class="refDate">18 August 2023</time>, <span>&lt;<a href="https://datatracker.ietf.org/doc/html/draft-celi-wiggers-tls-authkem-02">https://datatracker.ietf.org/doc/html/draft-celi-wiggers-tls-authkem-02</a>&gt;</span>. </dd>
@@ -1562,10 +1569,6 @@ <h3 id="name-informative-references">
         <dd>
 <span class="refAuthor">Prat, J.</span> and <span class="refAuthor">M. Ounsworth</span>, <span class="refTitle">"Use of KYBER in the Cryptographic Message Syntax (CMS)"</span>, <span class="refContent">Work in Progress</span>, <span class="seriesInfo">Internet-Draft, draft-ietf-lamps-kyber-00</span>, <time datetime="2022-11-10" class="refDate">10 November 2022</time>, <span>&lt;<a href="https://datatracker.ietf.org/doc/html/draft-ietf-lamps-kyber-00">https://datatracker.ietf.org/doc/html/draft-ietf-lamps-kyber-00</a>&gt;</span>. </dd>
 <dd class="break"></dd>
-<dt id="PQCProj">[PQCProj]</dt>
-        <dd>
-<span class="refAuthor">National Institute of Standards and Technology</span>, <span class="refTitle">"Post-Quantum Cryptography Project"</span>, <time datetime="2016-12-20" class="refDate">20 December 2016</time>, <span>&lt;<a href="https://csrc.nist.gov/projects/post-quantum-cryptography">https://csrc.nist.gov/projects/post-quantum-cryptography</a>&gt;</span>. </dd>
-<dd class="break"></dd>
 <dt id="RFC7468">[RFC7468]</dt>
       <dd>
 <span class="refAuthor">Josefsson, S.</span> and <span class="refAuthor">S. Leonard</span>, <span class="refTitle">"Textual Encodings of PKIX, PKCS, and CMS Structures"</span>, <span class="seriesInfo">RFC 7468</span>, <span class="seriesInfo">DOI 10.17487/RFC7468</span>, <time datetime="2015-04" class="refDate">April 2015</time>, <span>&lt;<a href="https://www.rfc-editor.org/rfc/rfc7468">https://www.rfc-editor.org/rfc/rfc7468</a>&gt;</span>. </dd>
diff --git a/seanturner-asides/draft-ietf-lamps-kyber-certificates.txt b/seanturner-name-change/draft-ietf-lamps-kyber-certificates.txt
similarity index 85%
rename from seanturner-asides/draft-ietf-lamps-kyber-certificates.txt
rename to seanturner-name-change/draft-ietf-lamps-kyber-certificates.txt
index e4dfe0b..8452498 100644
--- a/seanturner-asides/draft-ietf-lamps-kyber-certificates.txt
+++ b/seanturner-name-change/draft-ietf-lamps-kyber-certificates.txt
@@ -5,21 +5,22 @@
 LAMPS                                                          S. Turner
 Internet-Draft                                                     sn3rd
 Intended status: Standards Track                           P. Kampanakis
-Expires: 25 April 2024                                        J. Massimo
+Expires: 22 June 2024                                         J. Massimo
                                                                      AWS
                                                            B. Westerbaan
                                                               Cloudflare
-                                                         23 October 2023
+                                                        20 December 2023
 
 
   Internet X.509 Public Key Infrastructure - Algorithm Identifiers for
-                                 Kyber
+       Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM)
                draft-ietf-lamps-kyber-certificates-latest
 
 Abstract
 
-   Kyber is a key-encapsulation mechanism (KEM).  This document
-   specifies algorithm identifiers and ASN.1 encoding format for Kyber
+   Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM), also known
+   as Kyber, is a key-encapsulation mechanism (KEM).  This document
+   specifies algorithm identifiers and ASN.1 encoding format for ML-KEM
    in public key certificates.  The encoding for public and private keys
    are also provided.
 
@@ -62,7 +63,7 @@ Status of This Memo
    time.  It is inappropriate to use Internet-Drafts as reference
    material or to cite them other than as "work in progress."
 
-   This Internet-Draft will expire on 25 April 2024.
+   This Internet-Draft will expire on 22 June 2024.
 
 Copyright Notice
 
@@ -81,11 +82,11 @@ Copyright Notice
 Table of Contents
 
    1.  Introduction
-     1.1.  ASN.1 and Kyber Identifiers
+     1.1.  ASN.1 and ML-KEM Identifiers
      1.2.  Applicability Statement
    2.  Conventions and Definitions
    3.  Algorithm Identifiers
-   4.  Kyber Public Key Identifiers
+   4.  ML-KEM Public Key Identifiers
    5.  Subject Public Key Fields
    6.  Private Key Format
    7.  ASN.1 Module
@@ -99,26 +100,27 @@ Table of Contents
 
 1.  Introduction
 
-   Kyber is a key-encapsulation mechanism (KEM) standardized by the US
-   NIST PQC Project [PQCProj].  This document specifies the use of the
-   Kyber algorithm at three security levels: Kyber512, Kyber768, and
-   Kyber1024, in X.509 public key certificates; see [RFC5280].  Public
-   and private key encodings are also specified.
+   Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM), also known
+   as Kyber, is a key-encapsulation mechanism (KEM) standardized by the
+   US NIST PQC Project [DRAFTFIPS203].  This document specifies the use
+   of the ML-KEM algorithm at three security levels: ML-KEM-512, ML-KEM-
+   768, and ML-KEM-1024, in X.509 public key certificates; see
+   [RFC5280].  Public and private key encodings are also specified.
 
-1.1.  ASN.1 and Kyber Identifiers
+1.1.  ASN.1 and ML-KEM Identifiers
 
    An ASN.1 module [X680] is included for reference purposes.  Note that
    as per [RFC5280], certificates use the Distinguished Encoding Rules;
    see [X690].  Also note that NIST defined the object identifiers for
-   the Kyber algorithms in an ASN.1 modulle; see (TODO insert
+   the ML-KEM algorithms in an ASN.1 modulle; see (TODO insert
    reference).
 
 1.2.  Applicability Statement
 
-   Kyber certificates are used in protocols where the public key is used
-   to generate and encapsulate a shared secret used to derive a
+   ML-KEM certificates are used in protocols where the public key is
+   used to generate and encapsulate a shared secret used to derive a
    symmetric key used to encrypt a payload; see [I-D.ietf-lamps-kyber].
-   To be used in TLS, Kyber certificates could only be used as end-
+   To be used in TLS, ML-KEM certificates could only be used as end-
    entity identity certificates and would require significant updates to
    the protocol; see [I-D.celi-wiggers-tls-authkem].
 
@@ -158,8 +160,8 @@ Table of Contents
    *  parameters, which are optional, are the associated parameters for
       the algorithm identifier in the algorithm field.
 
-   Section 4 includes object identifiers for Kyber-512, Kyber-768, and
-   Kyber-1024.  For all of these OIDs, the parameters MUST be absent.
+   Section 4 includes object identifiers for ML-KEM-512, ML-KEM-768, and
+   ML-KEM-1024.  For all of these OIDs, the parameters MUST be absent.
 
       |  : It is possible to find systems that require the parameters to
       |  be present.  This can be due to either a defect in the original
@@ -169,20 +171,20 @@ Table of Contents
       |  be restricted to that subsystem and not propagated to the
       |  Internet.
 
-4.  Kyber Public Key Identifiers
+4.  ML-KEM Public Key Identifiers
 
-   The AlgorithmIdentifier for a Kyber public key MUST use one of the
-   id-alg-kyber object identifiers listed below, based on the security
-   level.  The parameters field of the AlgorithmIdentifier for the Kyber
-   public key MUST be absent.
+   The AlgorithmIdentifier for a ML-KEM public key MUST use one of the
+   id-alg-ml-kem object identifiers listed below, based on the security
+   level.  The parameters field of the AlgorithmIdentifier for the ML-
+   KEM public key MUST be absent.
 
-   When any of the Kyber AlgorithmIdentifier appears in the
+   When any of the ML-KEM AlgorithmIdentifier appears in the
    SubjectPublicKeyInfo field of an X.509 certificate, the key usage
    certificate extension MUST only contain keyEncipherment
    Section 4.2.1.3 of [RFC5280].
 
-     pk-kyber-512 PUBLIC-KEY ::= {
-       IDENTIFIER id-alg-kyber-512
+     pk-ml-kem-512 PUBLIC-KEY ::= {
+       IDENTIFIER id-alg-ml-kem-512
        -- KEY no ASN.1 wrapping --
        PARAMS ARE absent
        CERT-KEY-USAGE
@@ -190,8 +192,8 @@ Table of Contents
        --- PRIVATE-KEY no ASN.1 wrapping --
        }
 
-     pk-kyber-768 PUBLIC-KEY ::= {
-       IDENTIFIER id-alg-kyber-768
+     pk-ml-kem-768 PUBLIC-KEY ::= {
+       IDENTIFIER id-alg-ml-kem-768
        -- KEY no ASN.1 wrapping --
        PARAMS ARE absent
        CERT-KEY-USAGE
@@ -199,8 +201,8 @@ Table of Contents
        --- PRIVATE-KEY no ASN.1 wrapping --
        }
 
-     pk-kyber-1024 PUBLIC-KEY ::= {
-       IDENTIFIER id-alg-kyber-1024
+     pk-ml-kem-1024 PUBLIC-KEY ::= {
+       IDENTIFIER id-alg-ml-kem-1024
        -- KEY no ASN.1 wrapping --
        PARAMS ARE absent
        CERT-KEY-USAGE
@@ -234,7 +236,7 @@ Table of Contents
       algorithms defined in this document always encode the public key
       as TODO pick format e.g., exact multiple of 8 bits?.
 
-   The following is an example of a Kyber-512 public key encoded using
+   The following is an example of a ML-KEM-512 public key encoded using
    the textual encoding defined in [RFC7468]:
 
      -----BEGIN PUBLIC KEY-----
@@ -286,14 +288,14 @@ Table of Contents
 
      PqckemPrivateKey ::= OCTET STRING
 
-   The following is an example of a Kyber-512 private key encoded using
+   The following is an example of a ML-KEM-512 private key encoded using
    the textual encoding defined in [RFC7468]:
 
      -----BEGIN PRIVATE KEY-----
      TODO iser example private key
      -----END PRIVATE KEY-------
 
-   The following example, in addition to encoding the Kyber-512 private
+   The following example, in addition to encoding the ML-KEM-512 private
    key, has an attribute included as well as the public key.  As with
    the prior example, the textual encoding defined in [RFC7468] is used:
 
@@ -318,7 +320,7 @@ Table of Contents
    The Security Considerations section of [RFC5280] applies to this
    specification as well.
 
-   [EDNOTE: Discuss side-channels for Kyber TBD1.]
+   [EDNOTE: Discuss side-channels for ML-KEM TBD1.]
 
 9.  IANA Considerations
 
@@ -365,6 +367,13 @@ Table of Contents
 
 10.2.  Informative References
 
+   [DRAFTFIPS203]
+              National Institute of Standards and Technology (NIST),
+              "DRAFT Module-Lattice-based Key-Encapsulation Mechanism
+              Standard", FIPS PUB 203, August 2023,
+              <https://csrc.nist.gov/projects/post-quantum-
+              cryptography>.
+
    [I-D.celi-wiggers-tls-authkem]
               Wiggers, T., Celi, S., Schwabe, P., Stebila, D., and N.
               Sullivan, "KEM-based Authentication for TLS 1.3", Work in
@@ -380,11 +389,6 @@ Table of Contents
               2022, <https://datatracker.ietf.org/doc/html/draft-ietf-
               lamps-kyber-00>.
 
-   [PQCProj]  National Institute of Standards and Technology, "Post-
-              Quantum Cryptography Project", 20 December 2016,
-              <https://csrc.nist.gov/projects/post-quantum-
-              cryptography>.
-
    [RFC7468]  Josefsson, S. and S. Leonard, "Textual Encodings of PKIX,
               PKCS, and CMS Structures", RFC 7468, DOI 10.17487/RFC7468,
               April 2015, <https://www.rfc-editor.org/rfc/rfc7468>.
diff --git a/seanturner-md-fix/draft-turner-lamps-nist-pqc-kem-certificates.html b/seanturner-name-change/draft-turner-lamps-nist-pqc-kem-certificates.html
similarity index 99%
rename from seanturner-md-fix/draft-turner-lamps-nist-pqc-kem-certificates.html
rename to seanturner-name-change/draft-turner-lamps-nist-pqc-kem-certificates.html
index 666049c..6aed7eb 100644
--- a/seanturner-md-fix/draft-turner-lamps-nist-pqc-kem-certificates.html
+++ b/seanturner-name-change/draft-turner-lamps-nist-pqc-kem-certificates.html
@@ -26,24 +26,24 @@
 use object identifiers for the new algorithms that are assigned by NIST,
 and will use placeholders until these are released.] 
     " name="description">
-<meta content="xml2rfc 3.18.2" name="generator">
+<meta content="xml2rfc 3.19.0" name="generator">
 <meta content="Internet-Draft" name="keyword">
 <meta content="draft-turner-lamps-nist-pqc-kem-certificates-latest" name="ietf.draft">
 <!-- Generator version information:
-  xml2rfc 3.18.2
+  xml2rfc 3.19.0
     Python 3.11.6
-    ConfigArgParse 1.5.3
+    ConfigArgParse 1.7
     google-i18n-address 3.1.0
     intervaltree 3.1.0
     Jinja2 3.1.2
     lxml 4.9.3
-    platformdirs 3.11.0
+    platformdirs 4.1.0
     pycountry 22.3.5
-    PyYAML 6.0
+    PyYAML 6.0.1
     requests 2.31.0
-    setuptools 67.7.2
+    setuptools 68.2.2
     six 1.16.0
-    wcwidth 0.2.9
+    wcwidth 0.2.12
 -->
 <link href="draft-turner-lamps-nist-pqc-kem-certificates.xml" rel="alternate" type="application/rfc+xml">
 <link href="#copyright" rel="license">
@@ -1042,11 +1042,11 @@
 <thead><tr>
 <td class="left">Internet-Draft</td>
 <td class="center">PQC KEM for Certificates</td>
-<td class="right">November 2023</td>
+<td class="right">December 2023</td>
 </tr></thead>
 <tfoot><tr>
 <td class="left">Turner, et al.</td>
-<td class="center">Expires 8 May 2024</td>
+<td class="center">Expires 22 June 2024</td>
 <td class="right">[Page]</td>
 </tr></tfoot>
 </table>
@@ -1059,12 +1059,12 @@
 <dd class="internet-draft">draft-turner-lamps-nist-pqc-kem-certificates-latest</dd>
 <dt class="label-published">Published:</dt>
 <dd class="published">
-<time datetime="2023-11-05" class="published">5 November 2023</time>
+<time datetime="2023-12-20" class="published">20 December 2023</time>
     </dd>
 <dt class="label-intended-status">Intended Status:</dt>
 <dd class="intended-status">Standards Track</dd>
 <dt class="label-expires">Expires:</dt>
-<dd class="expires"><time datetime="2024-05-08">8 May 2024</time></dd>
+<dd class="expires"><time datetime="2024-06-22">22 June 2024</time></dd>
 <dt class="label-authors">Authors:</dt>
 <dd class="authors">
 <div class="author">
@@ -1139,7 +1139,7 @@ <h2 id="name-status-of-this-memo">
         time. It is inappropriate to use Internet-Drafts as reference
         material or to cite them other than as "work in progress."<a href="#section-boilerplate.1-3" class="pilcrow">¶</a></p>
 <p id="section-boilerplate.1-4">
-        This Internet-Draft will expire on 8 May 2024.<a href="#section-boilerplate.1-4" class="pilcrow">¶</a></p>
+        This Internet-Draft will expire on 22 June 2024.<a href="#section-boilerplate.1-4" class="pilcrow">¶</a></p>
 </section>
 </div>
 <div id="copyright">
diff --git a/seanturner-md-fix/draft-turner-lamps-nist-pqc-kem-certificates.txt b/seanturner-name-change/draft-turner-lamps-nist-pqc-kem-certificates.txt
similarity index 98%
rename from seanturner-md-fix/draft-turner-lamps-nist-pqc-kem-certificates.txt
rename to seanturner-name-change/draft-turner-lamps-nist-pqc-kem-certificates.txt
index 7aa5b03..bf7c3bb 100644
--- a/seanturner-md-fix/draft-turner-lamps-nist-pqc-kem-certificates.txt
+++ b/seanturner-name-change/draft-turner-lamps-nist-pqc-kem-certificates.txt
@@ -5,11 +5,11 @@
 None                                                           S. Turner
 Internet-Draft                                                     sn3rd
 Intended status: Standards Track                           P. Kampanakis
-Expires: 8 May 2024                                           J. Massimo
+Expires: 22 June 2024                                         J. Massimo
                                                                      AWS
                                                            B. Westerbaan
                                                               Cloudflare
-                                                         5 November 2023
+                                                        20 December 2023
 
 
 Algorithm Identifiers for NIST's PQC Algorithms for Use in the Internet
@@ -69,7 +69,7 @@ Status of This Memo
    time.  It is inappropriate to use Internet-Drafts as reference
    material or to cite them other than as "work in progress."
 
-   This Internet-Draft will expire on 8 May 2024.
+   This Internet-Draft will expire on 22 June 2024.
 
 Copyright Notice
 
diff --git a/draft-ietf-lamps-kyber-certificates-02/index.html b/seanturner-name-change/index.html
similarity index 78%
rename from draft-ietf-lamps-kyber-certificates-02/index.html
rename to seanturner-name-change/index.html
index a6722b5..37c7d04 100644
--- a/draft-ietf-lamps-kyber-certificates-02/index.html
+++ b/seanturner-name-change/index.html
@@ -1,7 +1,7 @@
 <!DOCTYPE html>
 <html>
   <head>
-    <title>lamps-wg/kyber-certificates draft-ietf-lamps-kyber-certificates-02 preview</title>
+    <title>lamps-wg/kyber-certificates seanturner-name-change preview</title>
     <meta name="viewport" content="initial-scale=1.0">
     <style type="text/css">/*<![CDATA[*/
       body { font-family: "Helvetica Neue","Open Sans", Helvetica, Calibri,sans-serif; }
@@ -13,11 +13,11 @@
     /*]]>*/</style>
   </head>
   <body>
-    <h1>Editor's drafts for draft-ietf-lamps-kyber-certificates-02 branch of <a href="https://github.com/lamps-wg/kyber-certificates/tree/draft-ietf-lamps-kyber-certificates-02">lamps-wg/kyber-certificates</a></h1>
-    <table id="branch-draft-ietf-lamps-kyber-certificates-02">
+    <h1>Editor's drafts for seanturner-name-change branch of <a href="https://github.com/lamps-wg/kyber-certificates/tree/seanturner-name-change">lamps-wg/kyber-certificates</a></h1>
+    <table id="branch-seanturner-name-change">
       <tr>
-        <td><a href="./draft-ietf-lamps-kyber-certificates.html" class="html draft-ietf-lamps-kyber-certificates" title="Internet X.509 Public Key Infrastructure - Algorithm Identifiers for Kyber (HTML)">PQC Kyber in Certificates</a></td>
-        <td><a href="./draft-ietf-lamps-kyber-certificates.txt" class="txt draft-ietf-lamps-kyber-certificates" title="Internet X.509 Public Key Infrastructure - Algorithm Identifiers for Kyber (Text)">plain text</a></td>
+        <td><a href="./draft-ietf-lamps-kyber-certificates.html" class="html draft-ietf-lamps-kyber-certificates" title="Internet X.509 Public Key Infrastructure - Algorithm Identifiers for Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM) (HTML)">ML-KEM in Certificates</a></td>
+        <td><a href="./draft-ietf-lamps-kyber-certificates.txt" class="txt draft-ietf-lamps-kyber-certificates" title="Internet X.509 Public Key Infrastructure - Algorithm Identifiers for Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM) (Text)">plain text</a></td>
         <td>same as main</td>
       </tr>
       <tr>