LAMPS S. Turner
Internet-Draft sn3rd
Intended status: Standards Track P. Kampanakis
Expires: 6 August 2025 J. Massimo
AWS
B. Westerbaan
Cloudflare
2 February 2025
Internet X.509 Public Key Infrastructure - Algorithm Identifiers for the
Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM)
draft-ietf-lamps-kyber-certificates-08
Abstract
The Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM) is a
quantum-resistant key-encapsulation mechanism (KEM). This document
describes the conventions for using the ML-KEM in X.509 Public Key
Infrastructure. The conventions for the subject public keys and
private keys are also described.
About This Document
This note is to be removed before publishing as an RFC.
The latest revision of this draft can be found at https://lamps-
wg.github.io/kyber-certificates/#go.draft-ietf-lamps-kyber-
certificates.html. Status information for this document may be found
at https://datatracker.ietf.org/doc/draft-ietf-lamps-kyber-
certificates/.
Discussion of this document takes place on the Limited Additional
Mechanisms for PKIX and SMIME (lamps) Working Group mailing list
(mailto:spasm@ietf.org), which is archived at
https://mailarchive.ietf.org/arch/browse/spasm/. Subscribe at
https://www.ietf.org/mailman/listinfo/spasm/.
Source for this draft and an issue tracker can be found at
https://github.com/lamps-wg/kyber-certificates.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Turner, et al. Expires 6 August 2025 [Page 1]
�
Internet-Draft ML-KEM in Certificates February 2025
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on 6 August 2025.
Copyright Notice
Copyright (c) 2025 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. Code Components
extracted from this document must include Revised BSD License text as
described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Revised BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Applicability Statement . . . . . . . . . . . . . . . . . 3
2. Conventions and Definitions . . . . . . . . . . . . . . . . . 3
3. Algorithm Identifiers . . . . . . . . . . . . . . . . . . . . 3
4. Subject Public Key Fields . . . . . . . . . . . . . . . . . . 6
5. Private Key Format . . . . . . . . . . . . . . . . . . . . . 6
6. Implementation Considerations . . . . . . . . . . . . . . . . 7
7. Security Considerations . . . . . . . . . . . . . . . . . . . 8
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 9
9.1. Normative References . . . . . . . . . . . . . . . . . . 9
9.2. Informative References . . . . . . . . . . . . . . . . . 10
Appendix A. ASN.1 Module . . . . . . . . . . . . . . . . . . . . 11
Appendix B. Parameter Set Security and Sizes . . . . . . . . . . 13
Appendix C. Examples . . . . . . . . . . . . . . . . . . . . . . 14
C.1. Example Private Key . . . . . . . . . . . . . . . . . . . 14
C.2. Example Public Key . . . . . . . . . . . . . . . . . . . 15
C.3. Example Certificates . . . . . . . . . . . . . . . . . . 22
Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 43
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 43
Turner, et al. Expires 6 August 2025 [Page 2]
�
Internet-Draft ML-KEM in Certificates February 2025
1. Introduction
The Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM)
standardized in [FIPS203] is a quantum-resistant key-encapsulation
mechanism (KEM) standardized by the US National Institute of
Standards and Technology (NIST) PQC Project [NIST-PQC]. Prior to
standardization, the earlier versions of the mechanism were known as
Kyber. ML-KEM and Kyber are not compatible. This document specifies
the use of ML-KEM in Public Key Infrastructure X.509 (PKIX)
certificates [RFC5280] at three security levels: ML-KEM-512, ML-KEM-
768, and ML-KEM-1024, using object identifiers assigned by NIST. The
private key format is also specified.
1.1. Applicability Statement
ML-KEM certificates are used in protocols where the public key is
used to generate and encapsulate a shared secret used to derive a
symmetric key used to encrypt a payload; see
[I-D.ietf-lamps-cms-kyber]. To be used in TLS, ML-KEM certificates
could only be used as end-entity identity certificates and would
require significant updates to the protocol; see
[I-D.celi-wiggers-tls-authkem].
2. Conventions and Definitions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in
BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
3. Algorithm Identifiers
The AlgorithmIdentifier type is defined in [RFC5912] as follows:
AlgorithmIdentifier{ALGORITHM-TYPE, ALGORITHM-TYPE:AlgorithmSet} ::=
SEQUENCE {
algorithm ALGORITHM-TYPE.&id({AlgorithmSet}),
parameters ALGORITHM-TYPE.
&Params({AlgorithmSet}{@algorithm}) OPTIONAL
}
| NOTE: The above syntax is from [RFC5912] and is compatible with
| the 2021 ASN.1 syntax [X680]. See [RFC5280] for the 1988 ASN.1
| syntax.
The fields in AlgorithmIdentifier have the following meanings:
Turner, et al. Expires 6 August 2025 [Page 3]
�
Internet-Draft ML-KEM in Certificates February 2025
* algorithm identifies the cryptographic algorithm with an object
identifier.
* parameters, which are optional, are the associated parameters for
the algorithm identifier in the algorithm field.
The AlgorithmIdentifier for an ML-KEM public key MUST use one of the
id-alg-ml-kem object identifiers listed below, based on the security
level. The parameters field of the AlgorithmIdentifier for the ML-
KEM public key MUST be absent.
When any of the ML-KEM AlgorithmIdentifiers appear in the
SubjectPublicKeyInfo field of an X.509 certificate, the key usage
certificate extension MUST only contain keyEncipherment
Section 4.2.1.3 of [RFC5280].
Turner, et al. Expires 6 August 2025 [Page 4]
�
Internet-Draft ML-KEM in Certificates February 2025
nistAlgorithms OBJECT IDENTIFIER ::= { joint-iso-ccitt(2)
country(16) us(840) organization(1) gov(101) csor(3)
nistAlgorithm(4) }
kems OBJECT IDENTIFIER ::= { nistAlgorithms 4 }
id-alg-ml-kem-512 OBJECT IDENTIFIER ::= { kems 1 }
id-alg-ml-kem-768 OBJECT IDENTIFIER ::= { kems 2 }
id-alg-ml-kem-1024 OBJECT IDENTIFIER ::= { kems 3 }
pk-ml-kem-512 PUBLIC-KEY ::= {
IDENTIFIER id-alg-ml-kem-512
-- KEY no ASN.1 wrapping --
PARAMS ARE absent
CERT-KEY-USAGE { keyEncipherment }
--- PRIVATE-KEY no ASN.1 wrapping --
}
pk-ml-kem-768 PUBLIC-KEY ::= {
IDENTIFIER id-alg-ml-kem-768
-- KEY no ASN.1 wrapping --
PARAMS ARE absent
CERT-KEY-USAGE { keyEncipherment }
--- PRIVATE-KEY no ASN.1 wrapping --
}
pk-ml-kem-1024 PUBLIC-KEY ::= {
IDENTIFIER id-alg-ml-kem-1024
-- KEY no ASN.1 wrapping --
PARAMS ARE absent
CERT-KEY-USAGE { keyEncipherment }
--- PRIVATE-KEY no ASN.1 wrapping --
}
ML-KEM-PublicKey ::= OCTET STRING (SIZE (800 | 1184 | 1568))
ML-KEM-PrivateKey ::= OCTET STRING (SIZE (64))
No additional encoding of the ML-KEM public key value is applied in
the SubjectPublicKeyInfo field of an X.509 certificate [RFC5280].
However, whenever it appears outside of a certificate, it MAY be
encoded as an OCTET STRING by using the ML-KEM-PublicKey type.
Turner, et al. Expires 6 August 2025 [Page 5]
�
Internet-Draft ML-KEM in Certificates February 2025
No additional encoding of the ML-KEM private key value is applied in
the PrivateKeyInfo field of the OneAsymmetricKey type of an
Asymmetric Key Package [RFC5958]. However, whenever it appears
outside of a Asymmetric Key Package, it MAY be encoded as an OCTET
STRING by using the ML-KEM-PrivateKey type.
4. Subject Public Key Fields
In the X.509 certificate, the subjectPublicKeyInfo field has the
SubjectPublicKeyInfo type, which has the following ASN.1 syntax:
SubjectPublicKeyInfo {PUBLIC-KEY: IOSet} ::= SEQUENCE {
algorithm AlgorithmIdentifier {PUBLIC-KEY, {IOSet}},
subjectPublicKey BIT STRING
}
| NOTE: The above syntax is from [RFC5912] and is compatible with
| the 2021 ASN.1 syntax [X680]. See [RFC5280] for the 1988 ASN.1
| syntax.
The fields in SubjectPublicKeyInfo have the following meaning:
* algorithm is the algorithm identifier and parameters for the
public key (see above).
* subjectPublicKey contains the byte stream of the public key.
Appendix C.2 contains examples for ML-KEM public keys encoded using
the textual encoding defined in [RFC7468].
5. Private Key Format
In short, an ML-KEM private key is encoded by storing its 64-octet
seed in the privateKey field as follows.
[FIPS203] specifies two formats for an ML-KEM private key: a 64-octet
seed and an (expanded) private key, which is referred to as the
decapsulation key. The expanded private key (and public key) is
computed from the seed using ML-KEM.KeyGen_internal(d,z) (algorithm
16) using the first 32 octets as _d_ and the remaining 32 octets as
_z_.
A keypair is generated by sampling 64 octets uniformly at random for
the seed (private key) from a cryptographically secure pseudorandom
number generator (CSPRNGs). The public key can then be computed
using ML-KEM.KeyGen_internal(d,z) as described earlier.
Turner, et al. Expires 6 August 2025 [Page 6]
�
Internet-Draft ML-KEM in Certificates February 2025
"Asymmetric Key Packages" [RFC5958] describes how to encode a private
key in a structure that both identifies which algorithm the private
key is for and allows for the public key and additional attributes
about the key to be included as well. For illustration, the ASN.1
structure OneAsymmetricKey is replicated below.
OneAsymmetricKey ::= SEQUENCE {
version Version,
privateKeyAlgorithm SEQUENCE {
algorithm PUBLIC-KEY.&id({PublicKeySet}),
parameters PUBLIC-KEY.&Params({PublicKeySet}
{@privateKeyAlgorithm.algorithm})
OPTIONAL}
privateKey OCTET STRING (CONTAINING
PUBLIC-KEY.&PrivateKey({PublicKeySet}
{@privateKeyAlgorithm.algorithm})),
attributes [0] Attributes OPTIONAL,
...,
[[2: publicKey [1] BIT STRING (CONTAINING
PUBLIC-KEY.&Params({PublicKeySet}
{@privateKeyAlgorithm.algorithm})
OPTIONAL,
...
}
| NOTE: The above syntax is from [RFC5958] and is compatible with
| the 2021 ASN.1 syntax [X680].
When used in a OneAsymmetricKey type, the privateKey OCTET STRING
contains the raw octet string encoding of the 64-octet seed. The
publicKey field SHOULD be omitted because the public key can be
computed as noted earlier in this section.
Appendix C.1 contains examples for ML-KEM private keys encoded using
the textual encoding defined in [RFC7468].
6. Implementation Considerations
Though section 7.1 of [FIPS203] mentions the potential to save seed
values for future expansion, Algorithm 19 does not make the seed
values available to a caller for serialization. Similarly, the
algorithm that expands seed values is not listed as one of the "main
algorithms" and features "internal" in the name even though it is
clear that it is allowed to be exposed externally for the purposes of
expanding a key from a seed. Below are possible ways to extend the
APIs defined in [FIPS203] to support serialization of seed values as
private keys.
Turner, et al. Expires 6 August 2025 [Page 7]
�
Internet-Draft ML-KEM in Certificates February 2025
To support serialization of seed values as private keys, let
Algorithm 19b denote the same procedure as Algorithm 19 in [FIPS203]
except it returns (ek, dk, d, z) on line 7. Additionally, Algorithm
16 should be promoted to be a "main algorithm" for external use in
expanding seed values.
Note also that unlike other private key compression methods in other
algorithms, expanding a private key from a seed is a one-way
function, meaning that once a full key is expanded from seed and the
seed discarded, the seed cannot be re-created even if the full
expanded private key is available. For this reason it is RECOMMENDED
that implementations retain and export the seed, even when also
exporting the expanded key.
7. Security Considerations
The Security Considerations section of [RFC5280] applies to this
specification as well.
Protection of the private-key information, i.e., the seed, is vital
to public-key cryptography. Disclosure of the private-key material
to another entity can lead to masquerades.
For ML-KEM specific security considerations refer to
[I-D.sfluhrer-cfrg-ml-kem-security-considerations].
The generation of private keys relies on random numbers. The use of
inadequate pseudo-random number generators (PRNGs) to generate these
values can result in little or no security. An attacker may find it
much easier to reproduce the PRNG environment that produced the keys,
searching the resulting small set of possibilities, rather than brute
force searching the whole key space. The generation of quality
random numbers is difficult, and [RFC4086] offers important guidance
in this area.
ML-KEM key generation as standardized in [FIPS203] has specific
requirements around randomness generation, described in section 3.3,
'Randomness generation'.
Many protocols only rely on the IND-CCA security of a KEM. Some
(implicitly) require further binding properties, formalized in
[CDM23]. The private key format influences these binding properties.
Per [KEMMY24], ML-KEM is LEAK-BIND-K-PK-secure and LEAK-BIND-K-CT-
secure when using the expanded private key format, but not MAL-BIND-
K-CT nor MAL-BIND-K-PK. Using the 64-byte seed format provides a
step up in binding security, additionally providing MAL-BIND-K-CT
security, but still not MAL-BIND-K-PK. For more guidance, see
[I-D.sfluhrer-cfrg-ml-kem-security-considerations].
Turner, et al. Expires 6 August 2025 [Page 8]
�
Internet-Draft ML-KEM in Certificates February 2025
8. IANA Considerations
For the ASN.1 Module in Appendix A, IANA is requested to assign an
object identifier (OID) for the module identifier (TBD) with a
Description of "id-mod-x509-ml-kem-2024". The OID for the module
should be allocated in the "SMI Security for PKIX Module Identifier"
registry (1.3.6.1.5.5.7.0).
9. References
9.1. Normative References
[FIPS203] "Module-lattice-based key-encapsulation mechanism
standard", National Institute of Standards and Technology
(U.S.), DOI 10.6028/nist.fips.203, August 2024,
<https://doi.org/10.6028/nist.fips.203>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/rfc/rfc2119>.
[RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
Housley, R., and W. Polk, "Internet X.509 Public Key
Infrastructure Certificate and Certificate Revocation List
(CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008,
<https://www.rfc-editor.org/rfc/rfc5280>.
[RFC5912] Hoffman, P. and J. Schaad, "New ASN.1 Modules for the
Public Key Infrastructure Using X.509 (PKIX)", RFC 5912,
DOI 10.17487/RFC5912, June 2010,
<https://www.rfc-editor.org/rfc/rfc5912>.
[RFC5958] Turner, S., "Asymmetric Key Packages", RFC 5958,
DOI 10.17487/RFC5958, August 2010,
<https://www.rfc-editor.org/rfc/rfc5958>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/rfc/rfc8174>.
[RFC9629] Housley, R., Gray, J., and T. Okubo, "Using Key
Encapsulation Mechanism (KEM) Algorithms in the
Cryptographic Message Syntax (CMS)", RFC 9629,
DOI 10.17487/RFC9629, August 2024,
<https://www.rfc-editor.org/rfc/rfc9629>.
Turner, et al. Expires 6 August 2025 [Page 9]
�
Internet-Draft ML-KEM in Certificates February 2025
[X680] ITU-T, "Information technology - Abstract Syntax Notation
One (ASN.1): Specification of basic notation", ITU-T
Recommendation X.680, ISO/IEC 8824-1:2021, February 2021,
<https://www.itu.int/rec/T-REC-X.680>.
[X690] ITU-T, "Information technology - Abstract Syntax Notation
One (ASN.1): ASN.1 encoding rules: Specification of Basic
Encoding Rules (BER), Canonical Encoding Rules (CER) and
Distinguished Encoding Rules (DER)", ITU-T
Recommendation X.690, ISO/IEC 8825-1:2021, February 2021,
<https://www.itu.int/rec/T-REC-X.690>.
9.2. Informative References
[CDM23] Cremers, C., Dax, A., and N. Medinger, "Keeping Up with
the KEMs: Stronger Security Notions for KEMs and automated
analysis of KEM-based protocols", 2023,
<https://eprint.iacr.org/2023/1933.pdf>.
[I-D.celi-wiggers-tls-authkem]
Wiggers, T., Celi, S., Schwabe, P., Stebila, D., and N.
Sullivan, "KEM-based Authentication for TLS 1.3", Work in
Progress, Internet-Draft, draft-celi-wiggers-tls-authkem-
04, 17 October 2024,
<https://datatracker.ietf.org/doc/html/draft-celi-wiggers-
tls-authkem-04>.
[I-D.ietf-lamps-cms-kyber]
Prat, J., Ounsworth, M., and D. Van Geest, "Use of ML-KEM
in the Cryptographic Message Syntax (CMS)", Work in
Progress, Internet-Draft, draft-ietf-lamps-cms-kyber-08, 9
January 2025, <https://datatracker.ietf.org/doc/html/
draft-ietf-lamps-cms-kyber-08>.
[I-D.ietf-lamps-dilithium-certificates]
Massimo, J., Kampanakis, P., Turner, S., and B.
Westerbaan, "Internet X.509 Public Key Infrastructure:
Algorithm Identifiers for ML-DSA", Work in Progress,
Internet-Draft, draft-ietf-lamps-dilithium-certificates-
06, 14 January 2025,
<https://datatracker.ietf.org/doc/html/draft-ietf-lamps-
dilithium-certificates-06>.
Turner, et al. Expires 6 August 2025 [Page 10]
�
Internet-Draft ML-KEM in Certificates February 2025
[I-D.sfluhrer-cfrg-ml-kem-security-considerations]
Fluhrer, S., Dang, Q., Mattsson, J. P., Milner, K., and D.
Shiu, "ML-KEM Security Considerations", Work in Progress,
Internet-Draft, draft-sfluhrer-cfrg-ml-kem-security-
considerations-02, 19 November 2024,
<https://datatracker.ietf.org/doc/html/draft-sfluhrer-
cfrg-ml-kem-security-considerations-02>.
[KEMMY24] Schmieg, S., "Unbindable Kemmy Schmidt: ML-KEM is neither
MAL-BIND-K-CT nor MAL-BIND-K-PK", 2024,
<https://eprint.iacr.org/2024/523.pdf>.
[NIST-PQC] National Institute of Standards and Technology (NIST),
"Post-Quantum Cryptography Project", 20 December 2016,
<https://csrc.nist.gov/projects/post-quantum-
cryptography>.
[RFC4086] Eastlake 3rd, D., Schiller, J., and S. Crocker,
"Randomness Requirements for Security", BCP 106, RFC 4086,
DOI 10.17487/RFC4086, June 2005,
<https://www.rfc-editor.org/rfc/rfc4086>.
[RFC7468] Josefsson, S. and S. Leonard, "Textual Encodings of PKIX,
PKCS, and CMS Structures", RFC 7468, DOI 10.17487/RFC7468,
April 2015, <https://www.rfc-editor.org/rfc/rfc7468>.
Appendix A. ASN.1 Module
This appendix includes the ASN.1 module [X680] for the ML-KEM. Note
that as per [RFC5280], certificates use the Distinguished Encoding
Rules; see [X690]. This module imports objects from [RFC5912] and
[RFC9629].
<CODE BEGINS>
X509-ML-KEM-2024
{ iso(1) identified-organization(3) dod(6)
internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
id-mod-x509-ml-kem-2024(TBD) }
DEFINITIONS IMPLICIT TAGS ::= BEGIN
EXPORTS ALL;
IMPORTS
PUBLIC-KEY
FROM AlgorithmInformation-2009 -- [RFC 5912]
{ iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) id-mod(0)
Turner, et al. Expires 6 August 2025 [Page 11]
�
Internet-Draft ML-KEM in Certificates February 2025
id-mod-algorithmInformation-02(58) }
KEM-ALGORITHM
FROM KEMAlgorithmInformation-2023 -- [RFC 9629]
{ iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) id-mod(0)
id-mod-kemAlgorithmInformation-2023(109) };
--
-- ML-KEM Identifiers
--
nistAlgorithms OBJECT IDENTIFIER ::= { joint-iso-ccitt(2)
country(16) us(840) organization(1) gov(101) csor(3)
nistAlgorithm(4) }
kems OBJECT IDENTIFIER ::= { nistAlgorithms 4 }
id-alg-ml-kem-512 OBJECT IDENTIFIER ::= { kems 1 }
id-alg-ml-kem-768 OBJECT IDENTIFIER ::= { kems 2 }
id-alg-ml-kem-1024 OBJECT IDENTIFIER ::= { kems 3 }
--
-- Public Key Algorithms
--
-- To use the following with the PKIX1Explicit-2009 [RFC5912], replace
-- the PublicKeyAlgorithms therein with the following:
--
-- PublicKeyAlgorithms PUBLIC-KEY ::= {
-- PKIXAlgs-2009.PublicKeys,
-- ...,
-- PKIX1-PSS-OAEP-Algorithms-2009.PublicKeys,
-- X509-ML-KEM-2024.PublicKeys }
--
-- Public Key (pk-) Algorithms
--
PublicKeys PUBLIC-KEY ::= {
-- This expands PublicKeys from RFC 5912
pk-ml-kem-512 |
pk-ml-kem-768 |
pk-ml-kem-1024,
...
}
Turner, et al. Expires 6 August 2025 [Page 12]
�
Internet-Draft ML-KEM in Certificates February 2025
--
-- ML-KEM Public Keys & Private Key
--
pk-ml-kem-512 PUBLIC-KEY ::= {
IDENTIFIER id-alg-ml-kem-512
-- KEY no ASN.1 wrapping --
PARAMS ARE absent
CERT-KEY-USAGE { keyEncipherment }
--- PRIVATE-KEY no ASN.1 wrapping --
}
pk-ml-kem-768 PUBLIC-KEY ::= {
IDENTIFIER id-alg-ml-kem-768
-- KEY no ASN.1 wrapping --
PARAMS ARE absent
CERT-KEY-USAGE { keyEncipherment }
--- PRIVATE-KEY no ASN.1 wrapping --
}
pk-ml-kem-1024 PUBLIC-KEY ::= {
IDENTIFIER id-alg-ml-kem-1024
-- KEY no ASN.1 wrapping --
PARAMS ARE absent
CERT-KEY-USAGE { keyEncipherment }
--- PRIVATE-KEY no ASN.1 wrapping --
}
ML-KEM-PublicKey ::= OCTET STRING (SIZE (800 | 1184 | 1568))
ML-KEM-PrivateKey ::= OCTET STRING (SIZE (64))
END
<CODE ENDS>
Appendix B. Parameter Set Security and Sizes
Instead of defining the strength of a quantum algorithm in a
traditional manner using the imprecise notion of bits of security,
NIST has defined security levels by picking a reference scheme, which
NIST expects to offer notable levels of resistance to both quantum
and classical attack. To wit, a KEM algorithm that achieves NIST PQC
security must require computational resources to break IND-CCA
security comparable or greater than that required for key search on
AES-128, AES-192, and AES-256 for Levels 1, 3, and 5, respectively.
Levels 2 and 4 use collision search for SHA-256 and SHA-384 as
reference.
Turner, et al. Expires 6 August 2025 [Page 13]
�
Internet-Draft ML-KEM in Certificates February 2025
+=======+===============+========+========+============+========+
| Level | Parameter Set | Encap. | Decap. | Ciphertext | Secret |
| | | Key | Key | | |
+=======+===============+========+========+============+========+
| 1 | ML-KEM-512 | 800 | 1632 | 768 | 32 |
+-------+---------------+--------+--------+------------+--------+
| 3 | ML-KEM-768 | 1184 | 2400 | 1952 | 32 |
+-------+---------------+--------+--------+------------+--------+
| 5 | ML-KEM-1024 | 1568 | 3168 | 2592 | 32 |
+-------+---------------+--------+--------+------------+--------+
Table 1: Mapping between NIST Security Level, ML-KEM
parameter set, and sizes in bytes
Appendix C. Examples
This appendix contains examples of ML-KEM public keys, private keys
and certificates.
C.1. Example Private Key
The following is an example of a ML-KEM-512 private key with hex seed
0001…3f:
-----BEGIN PRIVATE KEY-----
MFICAQAwCwYJYIZIAWUDBAQBBEAAAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRob
HB0eHyAhIiMkJSYnKCkqKywtLi8wMTIzNDU2Nzg5Ojs8PT4/
-----END PRIVATE KEY-----
SEQUENCE {
INTEGER { 0 }
SEQUENCE {
OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.4.1 }
}
OCTET_STRING { `000102030405060708090a0b0c0d0e0f10111213141516
1718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f30313233343536
3738393a3b3c3d3e3f` }
}
The following is an example of a ML-KEM-768 private key from the same
seed.
-----BEGIN PRIVATE KEY-----
MFICAQAwCwYJYIZIAWUDBAQCBEAAAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRob
HB0eHyAhIiMkJSYnKCkqKywtLi8wMTIzNDU2Nzg5Ojs8PT4/
-----END PRIVATE KEY-----
Turner, et al. Expires 6 August 2025 [Page 14]
�
Internet-Draft ML-KEM in Certificates February 2025
SEQUENCE {
INTEGER { 0 }
SEQUENCE {
OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.4.2 }
}
OCTET_STRING { `000102030405060708090a0b0c0d0e0f10111213141516
1718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f30313233343536
3738393a3b3c3d3e3f` }
}
The following is an example of a ML-KEM-1024 private key from the
same seed.
-----BEGIN PRIVATE KEY-----
MFICAQAwCwYJYIZIAWUDBAQDBEAAAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRob
HB0eHyAhIiMkJSYnKCkqKywtLi8wMTIzNDU2Nzg5Ojs8PT4/
-----END PRIVATE KEY-----
SEQUENCE {
INTEGER { 0 }
SEQUENCE {
OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.4.3 }
}
OCTET_STRING { `000102030405060708090a0b0c0d0e0f10111213141516
1718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f30313233343536
3738393a3b3c3d3e3f` }
}
| NOTE: The private key is the seed and all three examples keys
| use the same seed; therefore, the private above are the same
| except for the OID used to represent the ML-KEM algorithm's
| security strength.
C.2. Example Public Key
The following is the ML-KEM-512 public key corresponding to the
private key in the previous section.
Turner, et al. Expires 6 August 2025 [Page 15]
�
Internet-Draft ML-KEM in Certificates February 2025
-----BEGIN PUBLIC KEY-----
MIIDMjALBglghkgBZQMEBAEDggMhADmVgV5ZfRBDVc8pqlMzyTJRhp1bzb5IcST2
Ari2pmwWxHYWSK12XPXYAGtRXpBafwrAdrDGLvoygVPnylcBaZ8TBfHmvG+QsOSb
aTUSts6ZKouAFt38GmYsfj+WGcvYad13GvMIlszVkYrGy3dGbF53mZbWf/mqvJdQ
Pyx7fi0ADYZFD7GAfKTKvaRlgloxx4mht6SRqzhydl0yDQtxkg+iE8lAk0Frg7gS
Tmn2XmLLUADcw3qpoP/3OXDEdy81fSQYnKb1MFVowOI3ajdipoxgXlY8XSCVcuD8
dTLKKUcpU1VntfxBPF6HktJGRTbMgI+YrddGZPFBVm+QFqkKVBgpqYoEZM5BqLtE
wtT6PCwglGByjvFKGnxMm5jRIgO0zDUpFgqasteDj3/2tTrgWqMafWRrevpsRZMl
JqPDdVYZvplMIRwqMcBbNEeDbLIVC+GCna5rBMVTXP9Ubjkrp5dBFyD5JPSQpaxU
lfITVtVQt4KmTBaItrZVvMeEIZekNML2Vjtbfwmni8xIgjJ4NWHRb0y6tnVUAAUH
gVcMZmBLgXrRJSKUc26LAYYaS1p0UZuLb+UUiaUHI5Llh2JscTd2V10zgGocjicy
r5fCaA9RZmMxxOuLvAQxxPloMtrxs8RVKPuhU/bHixwZhwKUfM0zdyekb7U7oR3l
y0GRNGhZUWy2rXJADzzyCbI2rvNaWArIfrPjD6/WaXPKin3SZ1r0H3oXthQzzRr4
D3cIhp9mVIhJeYCxrBCgzctjagDthoGzXkKRJMqANQcluF+DperDpKPMFgCQPmUp
NWC5szblrw1SnawaBIEZMCy3qbzBELlIUb8CEX8ZncSFqFK3Rz8JuDGmgx1bVMC3
kNIlz2u5LZRiomzbM92lEjx6rw4moLg2Ve6ii/OoB0clAY/WuuS2Ac9huqtxp6PT
UZejQ+dLSicsEl1UCJZCbYW3lY07OKa6mH7DciXHtEzbEt3kU5tKsII2NoPwS/eg
nMXEHf6DChsWLgsyQzQ2LwhKFEZ3IzRLrdAA+NjFN8SPmY8FMHzr0e3guBw7xZoG
WhttY7Js
-----END PUBLIC KEY-----
Turner, et al. Expires 6 August 2025 [Page 16]
�
Internet-Draft ML-KEM in Certificates February 2025
SEQUENCE {
SEQUENCE {
OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.4.1 }
}
BIT_STRING { `00` `3995815e597d104355cf29aa5333c93251869d5bcdb
e487124f602b8b6a66c16c4761648ad765cf5d8006b515e905a7f0ac076b0c62
efa328153e7ca5701699f1305f1e6bc6f90b0e49b693512b6ce992a8b8016ddf
c1a662c7e3f9619cbd869dd771af30896ccd5918ac6cb77466c5e779996d67ff
9aabc97503f2c7b7e2d000d86450fb1807ca4cabda465825a31c789a1b7a491a
b3872765d320d0b71920fa213c94093416b83b8124e69f65e62cb5000dcc37aa
9a0fff73970c4772f357d24189ca6f5305568c0e2376a3762a68c605e563c5d2
09572e0fc7532ca294729535567b5fc413c5e8792d2464536cc808f98add7466
4f141566f9016a90a541829a98a0464ce41a8bb44c2d4fa3c2c209460728ef14
a1a7c4c9b98d12203b4cc3529160a9ab2d7838f7ff6b53ae05aa31a7d646b7af
a6c45932526a3c3755619be994c211c2a31c05b3447836cb2150be1829dae6b0
4c5535cff546e392ba797411720f924f490a5ac5495f21356d550b782a64c168
8b6b655bcc7842197a434c2f6563b5b7f09a78bcc488232783561d16f4cbab67
55400050781570c66604b817ad1252294736e8b01861a4b5a74519b8b6fe5148
9a5072392e587626c713776575d33806a1c8e2732af97c2680f51666331c4eb8
bbc0431c4f96832daf1b3c45528fba153f6c78b1c198702947ccd337727a46fb
53ba11de5cb4191346859516cb6ad72400f3cf209b236aef35a580ac87eb3e30
fafd66973ca8a7dd2675af41f7a17b61433cd1af80f7708869f665488497980b
1ac10a0cdcb636a00ed8681b35e429124ca80350725b85f83a5eac3a4a3cc160
0903e65293560b9b336e5af0d529dac1a048119302cb7a9bcc110b94851bf021
17f199dc485a852b7473f09b831a6831d5b54c0b790d225cf6bb92d9462a26cd
b33dda5123c7aaf0e26a0b83655eea28bf3a8074725018fd6bae4b601cf61baa
b71a7a3d35197a343e74b4a272c125d540896426d85b7958d3b38a6ba987ec37
225c7b44cdb12dde4539b4ab082363683f04bf7a09cc5c41dfe830a1b162e0b3
24334362f084a14467723344badd000f8d8c537c48f998f05307cebd1ede0b81
c3bc59a065a1b6d63b26c` }
}
The following is the ML-KEM-768 public key corresponding to the
private key in the previous section.
Turner, et al. Expires 6 August 2025 [Page 17]
�
Internet-Draft ML-KEM in Certificates February 2025
-----BEGIN PUBLIC KEY-----
MIIEsjALBglghkgBZQMEBAIDggShACmKoQ1CPI3aBp0CvFnmzfA6CWuLPaTKubgM
pKFJB2cszvHsT68jSgvFt+nUc/KzEzs7JqHRdctnp4BZGWmcAvdlMbmcX4kYBwS7
TKRTXFuJcmecZgoHxeUUuHAJyGLrj1FXaV77P8QKne9rgcHMAqJJrk8JStDZvTSF
wcHGgIBSCnyMYyAyzuc4FU5cUXbAfaVgJHdqQw/nbqz2ZaP3uDIQIhW8gvEJOcg1
VwQzao+sHYHkuwSFql18dNa1m75cXpcqDYusQRtVtdVVfNaAoaj3G064a8SMmgUJ
cxpUvZ1ykLJ5Y+Q3Lcmxmc/crAsBrNKKYjlREuTENkjWIsSMgjTQFEDozDdskn8j
pa/JrAR0xmInTkJFJchVLs47P+JlFt6QG8fVFb3olVjmJslcgLkzQvgBAATznmxs
lIccXjRMqzlmyDX5qWpZr9McQChrOLHBp4RwurlHUYk0RTzoZzapGfH1ptUQqG9U
VPw5gMtcdlvSvV97NrFBDWY1yM60fE3aDXaijqyTnHHDAkgEhmxxYmZYRCFjwsIh
F+UKzvzmN4qYVlIwKk7wws4Mxxa3eW4ray43d9+hrD2iWaMbWptTD4y2OKgaYqww
GEmrr5WnMBvaMAaJCb/bfmfbzLs4pVUaJbGjoPaFdIrVdT2IgPABbGJ0hhZjhMVX
H+I2WQA2TQODEeLYdds2ZoaTK17GAkMKNp6Hpu9cM4eGZXglvUwFes65I+sJNeaQ
XmO0ztf4CFenc91ksVDSZhLqmsEgUtsgF78YQ8y0sygbaQ3HKK36hcACgbjjwJKH
M1+Fa0/CiS9povV5Ia2gGRTECYhmLVd2lmKnhjUbm2ZJPat5WU2YbeIQDWW6D/Tq
WLgVONJKRDWiWPrCVASqf0H2WLE4UGXhWNy2ARVzJyD0BFmqrBXkBpU6kKxSmX0c
zQcAYO/GXbnmUzVEZ/rVbscTyG51QMQjrPJmn1L6b0rGiI2HHvPoR8ApqKr7uS4X
skqgebH0GbphdbRCr7EZCdSla3CgM1soc5IYqnyTSOLDwvPrPRWkHmQXwN2Uv+sh
QZsxGnuxOhgLvoMyGKmmsXRHzIXyJYWVh6cwdwSay8/UTQ8CVDjhXRU4Jw1Ybhv4
MZKpRZz2PA6XL4UpdnmDHs8SFQmFHLg0D28Qew+hoO/Rs2qBibwIXE9ct4TlU/Qb
kY+AOXzhlW94W+43fKmqi+aZitowwmt8PYxrVSVMyWIDsgxCruCsTh67QI5JqeP4
edCrB4XrcCVCXRMFoimcAV4SDRY7DhlJTOVyU9AkbRgnRcuBl6t0OLPBu3lyvsWj
BuujVnhVwBRpn+9lrlTHcKDYXBhADPZCrtxmB3e6SxOFAr1aeBL2IfhKSClrmN1D
IrbxWCi4qPDgCoukSlPDqLFDVxsHQKvVZ9rxzenHnCBLbV4lnRdmoxu7y05qBc9F
AhdrMBwcL0Ekd1AVe87IXoCbMKTWDXdHzdD1uZqoyCaYdRd5OqqAgKCxJKhVjfcr
vje3X07btr6CFtbGM/srIoDiURPYaV5DSBw+6zl+sZJQUim2eiAeqJPD4ssy2ovD
QvpN6gV4
-----END PUBLIC KEY-----
Turner, et al. Expires 6 August 2025 [Page 18]
�
Internet-Draft ML-KEM in Certificates February 2025
SEQUENCE {
SEQUENCE {
OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.4.2 }
}
BIT_STRING { `00` `298aa10d423c8dda069d02bc59e6cdf03a096b8b3da
4cab9b80ca4a14907672ccef1ec4faf234a0bc5b7e9d473f2b3133b3b26a1d17
5cb67a7805919699c02f76531b99c5f89180704bb4ca4535c5b8972679c660a0
7c5e514b87009c862eb8f5157695efb3fc40a9def6b81c1cc02a249ae4f094ad
0d9bd3485c1c1c68080520a7c8c632032cee738154e5c5176c07da56024776a4
30fe76eacf665a3f7b832102215bc82f10939c8355704336a8fac1d81e4bb048
5aa5d7c74d6b59bbe5c5e972a0d8bac411b55b5d5557cd680a1a8f71b4eb86bc
48c9a0509731a54bd9d7290b27963e4372dc9b199cfdcac0b01acd28a6239511
2e4c43648d622c48c8234d01440e8cc376c927f23a5afc9ac0474c662274e424
525c8552ece3b3fe26516de901bc7d515bde89558e626c95c80b93342f801000
4f39e6c6c94871c5e344cab3966c835f9a96a59afd31c40286b38b1c1a78470b
ab947518934453ce86736a919f1f5a6d510a86f5454fc3980cb5c765bd2bd5f7
b36b1410d6635c8ceb47c4dda0d76a28eac939c71c3024804866c71626658442
163c2c22117e50acefce6378a985652302a4ef0c2ce0cc716b7796e2b6b2e377
7dfa1ac3da259a31b5a9b530f8cb638a81a62ac301849abaf95a7301bda30068
909bfdb7e67dbccbb38a5551a25b1a3a0f685748ad5753d8880f0016c6274861
66384c5571fe2365900364d038311e2d875db366686932b5ec602430a369e87a
6ef5c338786657825bd4c057aceb923eb0935e6905e63b4ced7f80857a773dd6
4b150d26612ea9ac12052db2017bf1843ccb4b3281b690dc728adfa85c00281b
8e3c09287335f856b4fc2892f69a2f57921ada01914c40988662d57769662a78
6351b9b66493dab79594d986de2100d65ba0ff4ea58b81538d24a4435a258fac
25404aa7f41f658b1385065e158dcb60115732720f40459aaac15e406953a90a
c52997d1ccd070060efc65db9e653354467fad56ec713c86e7540c423acf2669
f52fa6f4ac6888d871ef3e847c029a8aafbb92e17b24aa079b1f419ba6175b44
2afb11909d4a56b70a0335b28739218aa7c9348e2c3c2f3eb3d15a41e6417c0d
d94bfeb21419b311a7bb13a180bbe833218a9a6b17447cc85f225859587a7307
7049acbcfd44d0f025438e15d1538270d586e1bf83192a9459cf63c0e972f852
97679831ecf121509851cb8340f6f107b0fa1a0efd1b36a8189bc085c4f5cb78
4e553f41b918f80397ce1956f785bee377ca9aa8be6998ada30c26b7c3d8c6b5
5254cc96203b20c42aee0ac4e1ebb408e49a9e3f879d0ab0785eb7025425d130
5a2299c015e120d163b0e19494ce57253d0246d182745cb8197ab7438b3c1bb7
972bec5a306eba3567855c014699fef65ae54c770a0d85c18400cf642aedc660
777ba4b138502bd5a7812f621f84a48296b98dd4322b6f15828b8a8f0e00a8ba
44a53c3a8b143571b0740abd567daf1cde9c79c204b6d5e259d1766a31bbbcb4
e6a05cf4502176b301c1c2f41247750157bcec85e809b30a4d60d7747cdd0f5b
99aa8c826987517793aaa8080a0b124a8558df72bbe37b75f4edbb6be8216d6c
633fb2b2280e25113d8695e43481c3eeb397eb192505229b67a201ea893c3e2c
b32da8bc342fa4dea0578` }
}
The following is the ML-KEM-1024 public key corresponding to the
private key in the previous section.
Turner, et al. Expires 6 August 2025 [Page 19]
�
Internet-Draft ML-KEM in Certificates February 2025
-----BEGIN PUBLIC KEY-----
MIIGMjALBglghkgBZQMEBAMDggYhAEuUwpRQERGRgjs1FMmsHqPZglzLhjk6LfsE
ZU+iGS03v60cSXxlAu7lyoCnO/zguvWlSohYWkATl6PSMvQmp6+wgrwhpEMXCQ6q
x1ksLqiKZTxEkeoZOTEzX1LpiaPEzFbZxVNzLVfEcPtBq3WbZdLQREU4L82cTjRK
ESj6nhHgQ1jhku0BSyMjKn7isi4jcX9EER7jNXU5nDdkbamBPsmyEq/pTl3FwjMK
cpTMH0I0ptP7tPFoWriJLASssXzRwXDXsGEbanF2x5TMjGf1X8kjwq0gMQDzZZkY
gsMCQ9d4E4Q7XsfJZAMiY3BgkuzwDHUWvmTkWYykImwGm7XmfkF1zyKGyN1cSIps
WGHzG6oL0CaUcOi1Ud07zTjIbBL5zbF2x33ItsAqcB9HiQLIVT9pTA2CcntMSlws
EEEhKqEnSAi4IRGzd+x1IU6bGXj3YATUE52YYT9LjpjSCve1NAc6UJqVm3p1ZPm0
DKIYv2GCkyCoUCAXlU0yjXrGx2nsKXAHVuewaFs0DV4RgFlQSkmppQoQGY6xCleE
Z460J9e0uruVUpM7BiiXlz4TGOrwoOrDdYSmVAGxcD4EKszYN1MUg/JBytzRwdN4
EZ5pRCnbGZrIkeTFNDdXCFuzrng2ZzUMRFjZdnLoYegLHSZ5UQ6jpvI2DHekaULH
oGpVTSKAgMhLR67xTbF2IMsWwGqzChvkzacIK+n4fpwhHEaRY0mluo6qUgHHKUo8
CIW1O2V0UhCIJexkbJCgRhIyTufQMa/lNDEyy+9ntu+xpewoCbdzU4znez2LBOsL
PCJWAR5McWwZqLoHUr9xSSEXZJ8GFcMpD8KaRv3kvVLbkobWAziCRCWcFaesK2QK
YMwDN2pYQaP7ikc1aPqbGiZyFfNMAWl7Dw5icXXXIQW3cHwpueYUvcM6b2yBipU3
C0J4gte0dnlqnsbrmTJ0zZsjkagrpF4zk9Lprpchyp1sG5iLWCdxP5CmWF3pQzUo
wCsDzhC7X3IBOND7tMMMEma5GOUpJd/hezf5XSK8pU9HWRmshZCYwPDQisWHXvKb
Vv0UHm7xX3AKC2bzlZXFiBdzc8RmmyG8Bx5MOqXwtKMbYljzXaJKw80px/IJJBDF
B4NVsTj7U6a5rm4LnAgkPnuqRcRzduuMfxPUz1Gqc2+jFUDJJB83DaVEv5+cKNml
fi8qfKlaTktGbmQas7zHat8ROdVnpvErUvOmXn7AquJryqjFWDOwTlmZjryaGTD7
ttIjPFPSwfi5UY48Lec6Gd7ms4Clsylxz2ThKf1sH6bnXUojRQHpZt06VAr1yPTz
SmtKJT7ihJJWbV5nxvVYVfywUG+wbBVnRNmgOjGib6lMrRTxV7fzA9B6acdzdo/L
TQecCQWXA6DDqU3kuZ6jovFlg9D5Fwo5UNsHtPC8MIApJ/n3lhtiWYkmNqlQKicF
MDY3eZ3TRNpFHBz3v2eEDOsweauMa4wZJ/ZAU8YSRQxFyeYDvBZmbllrNHHhA7bx
VEdCTRcCIEgRH/vTfhxnD2TxS4p7MrlMGkm0XdL8OM1SidkQrWNgLPXhMELGSsZ5
e4n7VRrQjgWpLSAMzLfnEu8jyTEss1DwKatTfihzR/0wdawQkGp4PxxsB8y4j0Ei
jEvhxkD3kLXDpdXTynkklddLxGFWJljAesYAJ2uSSrW8m+HwSUy3b4L0YKdICXJm
M4HhaZlgYdeZhZ7FTU9cpcQRwB2xWXsWWXdmneE6koo0r7rCWP6oxHZCOclCHcMR
m/W0dpkgaXgyexxTRe90anmDhB8FbiU0EAqyTU6au9CxfGqVvUw8DkD2nhYSrO6y
i5kIbJURbnIEJziTOQv0a4mbNihrDr8ZR7uYhPcyyifagrGbXcDMf4iFcUkQiIsj
EMT5MZ1BCzTmQzuQA+IXa7mVJXRWEG6JUhY7i6WSUwzFqgrrQ605j+npe6pSPXpE
MWd8PTrwcZ5HXbhcqVr1CJvqvrBbL6q0iWumD4HIhHKle0aoKIJqDN+0RvgYkYLS
v16sTsHMXer1mcihPkgjVAbRf/3cg0S2xmmEqGiqkvoCInoIaVDrDIcB7VjcYod2
uYOILhF1
-----END PUBLIC KEY-----
SEQUENCE {
SEQUENCE {
OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.4.3 }
}
BIT_STRING { `00` `4b94c29450111191823b3514c9ac1ea3d9825ccb863
93a2dfb04654fa2192d37bfad1c497c6502eee5ca80a73bfce0baf5a54a88585
a401397a3d232f426a7afb082bc21a44317090eaac7592c2ea88a653c4491ea1
93931335f52e989a3c4cc56d9c553732d57c470fb41ab759b65d2d04445382fc
d9c4e344a1128fa9e11e04358e192ed014b23232a7ee2b22e23717f44111ee33
575399c37646da9813ec9b212afe94e5dc5c2330a7294cc1f4234a6d3fbb4f16
85ab8892c04acb17cd1c170d7b0611b6a7176c794cc8c67f55fc923c2ad20310
Turner, et al. Expires 6 August 2025 [Page 20]
�
Internet-Draft ML-KEM in Certificates February 2025
0f365991882c30243d77813843b5ec7c964032263706092ecf00c7516be64e45
98ca4226c069bb5e67e4175cf2286c8dd5c488a6c5861f31baa0bd0269470e8b
551dd3bcd38c86c12f9cdb176c77dc8b6c02a701f478902c8553f694c0d82727
b4c4a5c2c1041212aa1274808b82111b377ec75214e9b1978f76004d4139d986
13f4b8e98d20af7b534073a509a959b7a7564f9b40ca218bf61829320a850201
7954d328d7ac6c769ec29700756e7b0685b340d5e118059504a49a9a50a10198
eb10a5784678eb427d7b4babb9552933b062897973e1318eaf0a0eac37584a65
401b1703e042accd837531483f241cadcd1c1d378119e694429db199ac891e4c
5343757085bb3ae783667350c4458d97672e861e80b1d2679510ea3a6f2360c7
7a46942c7a06a554d228080c84b47aef14db17620cb16c06ab30a1be4cda7082
be9f87e9c211c46916349a5ba8eaa5201c7294a3c0885b53b657452108825ec6
46c90a04612324ee7d031afe5343132cbef67b6efb1a5ec2809b773538ce77b3
d8b04eb0b3c2256011e4c716c19a8ba0752bf71492117649f0615c3290fc29a4
6fde4bd52db9286d603388244259c15a7ac2b640a60cc03376a5841a3fb8a473
568fa9b1a267215f34c01697b0f0e627175d72105b7707c29b9e614bdc33a6f6
c818a95370b427882d7b476796a9ec6eb993274cd9b2391a82ba45e3393d2e9a
e9721ca9d6c1b988b5827713f90a6585de9433528c02b03ce10bb5f720138d0f
bb4c30c1266b918e52925dfe17b37f95d22bca54f475919ac859098c0f0d08ac
5875ef29b56fd141e6ef15f700a0b66f39595c588177373c4669b21bc071e4c3
aa5f0b4a31b6258f35da24ac3cd29c7f2092410c5078355b138fb53a6b9ae6e0
b9c08243e7baa45c47376eb8c7f13d4cf51aa736fa31540c9241f370da544bf9
f9c28d9a57e2f2a7ca95a4e4b466e641ab3bcc76adf1139d567a6f12b52f3a65
e7ec0aae26bcaa8c55833b04e59998ebc9a1930fbb6d2233c53d2c1f8b9518e3
c2de73a19dee6b380a5b32971cf64e129fd6c1fa6e75d4a234501e966dd3a540
af5c8f4f34a6b4a253ee28492566d5e67c6f55855fcb0506fb06c156744d9a03
a31a26fa94cad14f157b7f303d07a69c773768fcb4d079c09059703a0c3a94de
4b99ea3a2f16583d0f9170a3950db07b4f0bc30802927f9f7961b6259892636a
9502a2705303637799dd344da451c1cf7bf67840ceb3079ab8c6b8c1927f6405
3c612450c45c9e603bc16666e596b3471e103b6f15447424d17022048111ffbd
37e1c670f64f14b8a7b32b94c1a49b45dd2fc38cd5289d910ad63602cf5e1304
2c64ac6797b89fb551ad08e05a92d200cccb7e712ef23c9312cb350f029ab537
e287347fd3075ac10906a783f1c6c07ccb88f41228c4be1c640f790b5c3a5d5d
3ca792495d74bc461562658c07ac600276b924ab5bc9be1f0494cb76f82f460a
7480972663381e169996061d799859ec54d4f5ca5c411c01db1597b165977669
de13a928a34afbac258fea8c4764239c9421dc3119bf5b47699206978327b1c5
345ef746a7983841f056e2534100ab24d4e9abbd0b17c6a95bd4c3c0e40f69e1
612aceeb28b99086c95116e7204273893390bf46b899b36286b0ebf1947bb988
4f732ca27da82b19b5dc0cc7f8885714910888b2310c4f9319d410b34e6433b9
003e2176bb995257456106e8952163b8ba592530cc5aa0aeb43ad398fe9e97ba
a523d7a4431677c3d3af0719e475db85ca95af5089beabeb05b2faab4896ba60
f81c88472a57b46a828826a0cdfb446f8189182d2bf5eac4ec1cc5deaf599c8a
13e48235406d17ffddc8344b6c66984a868aa92fa02227a086950eb0c8701ed5
8dc628776b983882e1175` }
}
Turner, et al. Expires 6 August 2025 [Page 21]
�
Internet-Draft ML-KEM in Certificates February 2025
C.3. Example Certificates
| RFC EDITOR: Please replace the following reference to
| [I-D.ietf-lamps-dilithium-certificates] with a reference to the
| published RFC.
The following is the ML-KEM-512 certificate that corresponding to the
public key in the previous section signed with the ML-DSA-44 private
key from [I-D.ietf-lamps-dilithium-certificates].
-----BEGIN CERTIFICATE-----
MIINpDCCBBqgAwIBAgIUFZ/+byL9XMQsUk32/V4o0N44808wCwYJYIZIAWUDBAMR
MCIxDTALBgNVBAoTBElFVEYxETAPBgNVBAMTCExBTVBTIFdHMB4XDTIwMDIwMzA0
MzIxMFoXDTQwMDEyOTA0MzIxMFowIjENMAsGA1UEChMESUVURjERMA8GA1UEAxMI
TEFNUFMgV0cwggMyMAsGCWCGSAFlAwQEAQOCAyEAOZWBXll9EENVzymqUzPJMlGG
nVvNvkhxJPYCuLambBbEdhZIrXZc9dgAa1FekFp/CsB2sMYu+jKBU+fKVwFpnxMF
8ea8b5Cw5JtpNRK2zpkqi4AW3fwaZix+P5YZy9hp3Xca8wiWzNWRisbLd0ZsXneZ
ltZ/+aq8l1A/LHt+LQANhkUPsYB8pMq9pGWCWjHHiaG3pJGrOHJ2XTINC3GSD6IT
yUCTQWuDuBJOafZeYstQANzDeqmg//c5cMR3LzV9JBicpvUwVWjA4jdqN2KmjGBe
VjxdIJVy4Px1MsopRylTVWe1/EE8XoeS0kZFNsyAj5it10Zk8UFWb5AWqQpUGCmp
igRkzkGou0TC1Po8LCCUYHKO8UoafEybmNEiA7TMNSkWCpqy14OPf/a1OuBaoxp9
ZGt6+mxFkyUmo8N1Vhm+mUwhHCoxwFs0R4NsshUL4YKdrmsExVNc/1RuOSunl0EX
IPkk9JClrFSV8hNW1VC3gqZMFoi2tlW8x4Qhl6Q0wvZWO1t/CaeLzEiCMng1YdFv
TLq2dVQABQeBVwxmYEuBetElIpRzbosBhhpLWnRRm4tv5RSJpQcjkuWHYmxxN3ZX
XTOAahyOJzKvl8JoD1FmYzHE64u8BDHE+Wgy2vGzxFUo+6FT9seLHBmHApR8zTN3
J6RvtTuhHeXLQZE0aFlRbLatckAPPPIJsjau81pYCsh+s+MPr9Zpc8qKfdJnWvQf
ehe2FDPNGvgPdwiGn2ZUiEl5gLGsEKDNy2NqAO2GgbNeQpEkyoA1ByW4X4Ol6sOk
o8wWAJA+ZSk1YLmzNuWvDVKdrBoEgRkwLLepvMEQuUhRvwIRfxmdxIWoUrdHPwm4
MaaDHVtUwLeQ0iXPa7ktlGKibNsz3aUSPHqvDiaguDZV7qKL86gHRyUBj9a65LYB
z2G6q3Gno9NRl6ND50tKJywSXVQIlkJthbeVjTs4prqYfsNyJce0TNsS3eRTm0qw
gjY2g/BL96CcxcQd/oMKGxYuCzJDNDYvCEoURncjNEut0AD42MU3xI+ZjwUwfOvR
7eC4HDvFmgZaG21jsmyjUjBQMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUDsWS
pZcefo2geKhuRnTy+xH26NcwHwYDVR0jBBgwFoAUMpoHsfq7SPUqMJ8RoYmPhI4j
Iv8wCwYJYIZIAWUDBAMRA4IJdQDcV8LA/De8Ss6UL3tMcHXKc0iTXaBPPLyoCimW
KG/BhZ299qdyg6Qv/hWMxXfuQLvBIJUiE9boIUvDJH1Bv5q+wBXDM4Pcb585a972
fB7Lj7rTYwGezp4QRGsn4bMOUHtOS/9MaD9LAw8XlEDSl69KgN+jN+Cak+PS1Q3O
u+TpeM2fo304+3vTfHlNiePSNOqkd1pzs2nwVIbQGIWctpF1rIHC7NJ/XOO3ZsN3
Cr758OLyAotCdGCRnj16Fhxh1rJ976b6y+Yo96CDMgl22lYPJoihlBekuKc4ugkE
g4vJEwAtPlMoaogn7XJcWkKIhGKp1M7nG9KvgQxCRvIfRURuDyHaiOAkOayK+Hp6
4AV02pbYX/w1X9bW1KOeId42EUQpF2iFu3ilOJi1JmMFyMP8lZZYq/8fPv3KGZPF
YJpd6yaA7ReIQaNiFgCMqx7nw/Zti7sa2a5dor3YqYRjZ8UlJUuYUKxNDde/u46W
mIEGSYcynpOiEYbyeWmXW4ye7qhT1Q7bmFPV8Mjzn3rXytzUzUZfrK8j9cHxAozY
sF7RDuBmauliYfV1jaroCcHrohVTnSSiSMQKV4q6HjKPIpf4qENs4SVh9xkWXdbB
OaiGgFhsI+sxlDGPRwbKrj6gVcbyFuJIPRL1LylJ2qFXzpzHyfAS3fHFvgv+S0AJ
DnfNk3OcT7G9jQhESQOkTXA4LqxPI+0c6asvauXlICnN8RdOjraY4+DQL8cYidEi
SAnXsOKNSzj+b225zdPvfBB/4eJTtV7VdnQOhETJErofxEWbpA8zobl/+bu2smdY
Pg1a83hwVo+HxfkSz1iHW9WT9+iwhnm28RqzLdmmzZGJSfgEFkADriwXUEr+LIkX
0xeMGvyXxdxv9S6Y6y+n0Al0ql0tzGviVoDqA0xNLU+Mupou5ftDTJj7U1oxIUHj
Turner, et al. Expires 6 August 2025 [Page 22]
�
Internet-Draft ML-KEM in Certificates February 2025
HlFeE06+JRoTPbDcl+cBil31SlxuZ1u7cOE33nbPOw0jWDXeA8M5uE3aMQah5VRf
tZXmdijH4zEN1/++Q5oJAF1SCTsnTkZ0lk3ZlIfpO0H1sJpINzLlBO04dLlQx2Nc
NFIExuPsVO7kW1rDLqkh8srBKrdUa/8ngD3kppXW7iaBhSnUE0N6lrwi5g/fJbNU
H0W7r0b31u0KDQ8cNKlK8PZL5pu/ulJTGZ5Dz4HORwVt2aXQojZfGQ0rashKxes8
F+Ewgse7NUAt3HqX94+0SWpfpNCVlZknK5XfhZJV08XVZ2TkTDoJ6aBLqua/a5Xg
jWTwroAJuB84jx2B1eCeYxjt+3cEaB274XU++H6m5kP/1QtJ3L1r545NaRQAylZF
MwCtCTVyAavhrTcrQwhl8rVGAKOlXaCfHSln8y9u26qMHeL9BIP7JeMeZxCYQQ5b
QxN0WvGmK11W6XG2CTc0qQ0RdUOvfrXTfl5A+I6DS4T2Z26APgkoq2JSQihO3JEg
S7zknl2NoAummhweGU/qSPzX+4/KlxwcCCs8mD8ZkkwhdB5poU4uTES/eCO+rrm3
wxLmiIcv2RwNdN8bRkxm35SQCCfc6riit4AxkaRKz5b27FWedfkH9bOgQaQGxm/v
5IwGHsFGeQFJyV1pNvo0aB9vvMTL3VZOsoXooxrdlc0kv7jJ9Q6eF8ZAFYXvxnaS
D+/OsH1b1+6WCVZIDRzRsMauvaifYUZNMQQ/CKSkDkFPjBDY5Xca9yZkGl+S+Pzz
7ODu6y3lvvUk+V6sPKEAS4ejZOocriV75SPfz0WlRZoljJXOm3tKCo6L2e56ntVs
hRiIBaLG5stQf2EihTSZUf21zNjb15E7KcdbTtr8TE0iJAuVYxBtNRWsVhExOMO/
QqXWnHL015pv8Dubwt6iDr8ObCDNOItPtszlNjCz4yN51aGTrHGZ0CJcbcUWqxOm
W1wrQmnYWUaz1eDahmbnowXshqI8RcGqvzUlZ0/g6nEbAJZgbk7jozC1VlwOKMM4
erhkw5mrrpicX3cvP3wl3JyhB6vbAfK4XQH3CfrnK12BhpgG0+9V5DKxTL02f+5m
ckJI9cZqSYx8rhlDlNbR33kSOY0Ba2RwvmMxhdypd38l5S8oSwTRu5eJ4VrrSeeM
wiW3gIxLA+o+SD2iFKyafsWLeu+Axx5/HlIVB+g82dGKkZrrESEvO9LpdlaS+AMW
9BccbDD2SGE2UZKlK4zx2QwYvnFG/ZDRjmvQV0dQOxiy0j2l7WHmbedlTTUUd5FU
0cfSG+cJHnToa/VRU4mDHvFpnV+AF0dA1s0oemhN5vOqhDzHnKasFFpUDH88mS7K
gbXELYiHTQEB/s/Hr0crjwVQQCbJFe4bBJzhcnwuOcdNUKLmF7MidvoyKYYu20oE
P6F0/RoDwS2FW3RyrKeSzlLWnuarfTq84iMaPgKrOl8XNfaSgGRsG3kxGe0s3rVs
iwzaO8THoCLp6WpEebfucmSCMXtKfVG/28u/dvQkz1D0oqTcWqhQiDLqZI3HjdDr
io44DARVGKAsEvq75Jq91GXP+1R8yejpP1lZU4onX1i0E8DMuVEU85JN+kFXbS83
6nZHmYhgwj93IvetNiK5cJs2M19LnJj5GrONmPMizoXCIBjzDx0MO/3CoRF5achF
p598lYloyvlS1VYhwmLrpFmz0BB9OEepvdq0ZX11XM532I6WIF4lAUh0YEx1FInO
XJ74LC2uMxa92W6nceJAjiraJKhi4VnURhPa7MUt/2oA5WY8zzmVGn94UlPsEmPj
/nl7vXBVLb9Nojt9AkIO637bT+1wszCvOH8nelnzNDsCBi9B8+mdgzizEN08UKSk
dCaNbCB86LVeo+umyY5abmgr2NOI7XaSTqWMs7ezemR5AkIUka35LgVIKvZw2WEz
G3KxZImSviV+XMsakqGTdXof7k1usEcmbJ/EJLi9ecaxMZKuLjT9sFtNo8uvE/m1
1pf4bGnGXgBERGpZsqnm+JNxDDTbD1WntdPpyeF8/6iXd/eNiHboV830Olj0dXJ4
YbTrQBcWbfUeZ8+8gGJ0bgshMtPCrOdYVMAfWfcu7DyFi0tQdtS1pmo5Co+OwLxe
IyKgwlIYOghCE3r6SBCrx0+sTP0sixV5Refu2JIBkjoywPavmK3+109l1F0BkzST
fQ1pAwENGx0oLVFdZHB1f4CSlZaiq8Te7AtOfX6Qtba4w8bP1+j2FSVCWGt4goSv
s7TAwcrR1drv9BRiaH2qytnr8PcAAAAAAAAAAAAAAAAAAAAAFSM2QA==
-----END CERTIFICATE-----
SEQUENCE {
SEQUENCE {
[0] {
INTEGER { 2 }
}
INTEGER { `159ffe6f22fd5cc42c524df6fd5e28d0de38f34f` }
SEQUENCE {
OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.3.17 }
}
SEQUENCE {
Turner, et al. Expires 6 August 2025 [Page 23]
�
Internet-Draft ML-KEM in Certificates February 2025
SET {
SEQUENCE {
# organizationName
OBJECT_IDENTIFIER { 2.5.4.10 }
PrintableString { "IETF" }
}
}
SET {
SEQUENCE {
# commonName
OBJECT_IDENTIFIER { 2.5.4.3 }
PrintableString { "LAMPS WG" }
}
}
}
SEQUENCE {
UTCTime { "200203043210Z" }
UTCTime { "400129043210Z" }
}
SEQUENCE {
SET {
SEQUENCE {
# organizationName
OBJECT_IDENTIFIER { 2.5.4.10 }
PrintableString { "IETF" }
}
}
SET {
SEQUENCE {
# commonName
OBJECT_IDENTIFIER { 2.5.4.3 }
PrintableString { "LAMPS WG" }
}
}
}
SEQUENCE {
SEQUENCE {
OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.4.1 }
}
BIT_STRING { `00` `3995815e597d104355cf29aa5333c93251869d5
bcdbe487124f602b8b6a66c16c4761648ad765cf5d8006b515e905a7f0ac076b
0c62efa328153e7ca5701699f1305f1e6bc6f90b0e49b693512b6ce992a8b801
6ddfc1a662c7e3f9619cbd869dd771af30896ccd5918ac6cb77466c5e779996d
67ff9aabc97503f2c7b7e2d000d86450fb1807ca4cabda465825a31c789a1b7a
491ab3872765d320d0b71920fa213c94093416b83b8124e69f65e62cb5000dcc
37aa9a0fff73970c4772f357d24189ca6f5305568c0e2376a3762a68c605e563
c5d209572e0fc7532ca294729535567b5fc413c5e8792d2464536cc808f98add
74664f141566f9016a90a541829a98a0464ce41a8bb44c2d4fa3c2c209460728
Turner, et al. Expires 6 August 2025 [Page 24]
�
Internet-Draft ML-KEM in Certificates February 2025
ef14a1a7c4c9b98d12203b4cc3529160a9ab2d7838f7ff6b53ae05aa31a7d646
b7afa6c45932526a3c3755619be994c211c2a31c05b3447836cb2150be1829da
e6b04c5535cff546e392ba797411720f924f490a5ac5495f21356d550b782a64
c1688b6b655bcc7842197a434c2f6563b5b7f09a78bcc488232783561d16f4cb
ab6755400050781570c66604b817ad1252294736e8b01861a4b5a74519b8b6fe
51489a5072392e587626c713776575d33806a1c8e2732af97c2680f51666331c
4eb8bbc0431c4f96832daf1b3c45528fba153f6c78b1c198702947ccd337727a
46fb53ba11de5cb4191346859516cb6ad72400f3cf209b236aef35a580ac87eb
3e30fafd66973ca8a7dd2675af41f7a17b61433cd1af80f7708869f665488497
980b1ac10a0cdcb636a00ed8681b35e429124ca80350725b85f83a5eac3a4a3c
c1600903e65293560b9b336e5af0d529dac1a048119302cb7a9bcc110b94851b
f02117f199dc485a852b7473f09b831a6831d5b54c0b790d225cf6bb92d9462a
26cdb33dda5123c7aaf0e26a0b83655eea28bf3a8074725018fd6bae4b601cf6
1baab71a7a3d35197a343e74b4a272c125d540896426d85b7958d3b38a6ba987
ec37225c7b44cdb12dde4539b4ab082363683f04bf7a09cc5c41dfe830a1b162
e0b324334362f084a14467723344badd000f8d8c537c48f998f05307cebd1ede
0b81c3bc59a065a1b6d63b26c` }
}
[3] {
SEQUENCE {
SEQUENCE {
# keyUsage
OBJECT_IDENTIFIER { 2.5.29.15 }
BOOLEAN { TRUE }
OCTET_STRING {
BIT_STRING { b`001` }
}
}
SEQUENCE {
# subjectKeyIdentifier
OBJECT_IDENTIFIER { 2.5.29.14 }
OCTET_STRING {
OCTET_STRING { `0ec592a5971e7e8da078a86e4674f2fb11f6
e8d7` }
}
}
SEQUENCE {
# authorityKeyIdentifier
OBJECT_IDENTIFIER { 2.5.29.35 }
OCTET_STRING {
SEQUENCE {
[0 PRIMITIVE] { `329a07b1fabb48f52a309f11a1898f848
e2322ff` }
}
}
}
}
}
Turner, et al. Expires 6 August 2025 [Page 25]
�
Internet-Draft ML-KEM in Certificates February 2025
}
SEQUENCE {
OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.3.17 }
}
BIT_STRING { `00` `dc57c2c0fc37bc4ace942f7b4c7075ca7348935da04
f3cbca80a2996286fc1859dbdf6a77283a42ffe158cc577ee40bbc120952213d
6e8214bc3247d41bf9abec015c33383dc6f9f396bdef67c1ecb8fbad363019ec
e9e10446b27e1b30e507b4e4bff4c683f4b030f179440d297af4a80dfa337e09
a93e3d2d50dcebbe4e978cd9fa37d38fb7bd37c794d89e3d234eaa4775a73b36
9f05486d018859cb69175ac81c2ecd27f5ce3b766c3770abef9f0e2f2028b427
460919e3d7a161c61d6b27defa6facbe628f7a083320976da560f2688a19417a
4b8a738ba0904838bc913002d3e53286a8827ed725c5a42888462a9d4cee71bd
2af810c4246f21f45446e0f21da88e02439ac8af87a7ae00574da96d85ffc355
fd6d6d4a39e21de36114429176885bb78a53898b5266305c8c3fc959658abff1
f3efdca1993c5609a5deb2680ed178841a36216008cab1ee7c3f66d8bbb1ad9a
e5da2bdd8a9846367c525254b9850ac4d0dd7bfbb8e969881064987329e93a21
186f27969975b8c9eeea853d50edb9853d5f0c8f39f7ad7cadcd4cd465facaf2
3f5c1f1028cd8b05ed10ee0666ae96261f5758daae809c1eba215539d24a248c
40a578aba1e328f2297f8a8436ce12561f719165dd6c139a88680586c23eb319
4318f4706caae3ea055c6f216e2483d12f52f2949daa157ce9cc7c9f012ddf1c
5be0bfe4b40090e77cd93739c4fb1bd8d08444903a44d70382eac4f23ed1ce9a
b2f6ae5e52029cdf1174e8eb698e3e0d02fc71889d1224809d7b0e28d4b38fe6
f6db9cdd3ef7c107fe1e253b55ed576740e8444c912ba1fc4459ba40f33a1b97
ff9bbb6b267583e0d5af37870568f87c5f912cf58875bd593f7e8b08679b6f11
ab32dd9a6cd918949f804164003ae2c17504afe2c8917d3178c1afc97c5dc6ff
52e98eb2fa7d00974aa5d2dcc6be25680ea034c4d2d4f8cba9a2ee5fb434c98f
b535a312141e31e515e134ebe251a133db0dc97e7018a5df54a5c6e675bbb70e
137de76cf3b0d235835de03c339b84dda3106a1e5545fb595e67628c7e3310dd
7ffbe439a09005d52093b274e4674964dd99487e93b41f5b09a483732e504ed3
874b950c7635c345204c6e3ec54eee45b5ac32ea921f2cac12ab7546bff27803
de4a695d6ee26818529d413437a96bc22e60fdf25b3541f45bbaf46f7d6ed0a0
d0f1c34a94af0f64be69bbfba5253199e43cf81ce47056dd9a5d0a2365f190d2
b6ac84ac5eb3c17e13082c7bb35402ddc7a97f78fb4496a5fa4d0959599272b9
5df859255d3c5d56764e44c3a09e9a04baae6bf6b95e08d64f0ae8009b81f388
f1d81d5e09e6318edfb7704681dbbe1753ef87ea6e643ffd50b49dcbd6be78e4
d691400ca56453300ad09357201abe1ad372b430865f2b54600a3a55da09f1d2
967f32f6edbaa8c1de2fd0483fb25e31e671098410e5b4313745af1a62b5d56e
971b6093734a90d117543af7eb5d37e5e40f88e834b84f6676e803e0928ab625
242284edc91204bbce49e5d8da00ba69a1c1e194fea48fcd7fb8fca971c1c082
b3c983f19924c21741e69a14e2e4c44bf7823beaeb9b7c312e688872fd91c0d7
4df1b464c66df94900827dceab8a2b7803191a44acf96f6ec559e75f907f5b3a
041a406c66fefe48c061ec146790149c95d6936fa34681f6fbcc4cbdd564eb28
5e8a31add95cd24bfb8c9f50e9e17c6401585efc676920fefceb07d5bd7ee960
956480d1cd1b0c6aebda89f61464d31043f08a4a40e414f8c10d8e5771af7266
41a5f92f8fcf3ece0eeeb2de5bef524f95eac3ca1004b87a364ea1cae257be52
3dfcf45a5459a258c95ce9b7b4a0a8e8bd9ee7a9ed56c85188805a2c6e6cb507
f612285349951fdb5ccd8dbd7913b29c75b4edafc4c4d22240b9563106d3515a
c56113138c3bf42a5d69c72f4d79a6ff03b9bc2dea20ebf0e6c20cd388b4fb6c
Turner, et al. Expires 6 August 2025 [Page 26]
�
Internet-Draft ML-KEM in Certificates February 2025
ce53630b3e32379d5a193ac7199d0225c6dc516ab13a65b5c2b4269d85946b3d
5e0da8666e7a305ec86a23c45c1aabf3525674fe0ea711b0096606e4ee3a330b
5565c0e28c3387ab864c399abae989c5f772f3f7c25dc9ca107abdb01f2b85d0
1f709fae72b5d81869806d3ef55e432b14cbd367fee66724248f5c66a498c7ca
e194394d6d1df7912398d016b6470be633185dca9777f25e52f284b04d1bb978
9e15aeb49e78cc225b7808c4b03ea3e483da214ac9a7ec58b7aef80c71e7f1e5
21507e83cd9d18a919aeb11212f3bd2e9765692f80316f4171c6c30f64861365
192a52b8cf1d90c18be7146fd90d18e6bd05747503b18b2d23da5ed61e66de76
54d3514779154d1c7d21be7091e74e86bf5515389831ef1699d5f80174740d6c
d287a684de6f3aa843cc79ca6ac145a540c7f3c992eca81b5c42d88874d0101f
ecfc7af472b8f05504026c915ee1b049ce1727c2e39c74d50a2e617b32276fa3
229862edb4a043fa174fd1a03c12d855b7472aca792ce52d69ee6ab7d3abce22
31a3e02ab3a5f1735f69280646c1b793119ed2cdeb56c8b0cda3bc4c7a022e9e
96a4479b7ee726482317b4a7d51bfdbcbbf76f424cf50f4a2a4dc5aa8508832e
a648dc78dd0eb8a8e380c045518a02c12fabbe49abdd465cffb547cc9e8e93f5
959538a275f58b413c0ccb95114f3924dfa41576d2f37ea7647998860c23f772
2f7ad3622b9709b36335f4b9c98f91ab38d98f322ce85c22018f30f1d0c3bfdc
2a1117969c845a79f7c958968caf952d55621c262eba459b3d0107d3847a9bdd
ab4657d755cce77d88e96205e25014874604c751489ce5c9ef82c2dae3316bdd
96ea771e2408e2ada24a862e159d44613daecc52dff6a00e5663ccf39951a7f7
85253ec1263e3fe797bbd70552dbf4da23b7d02420eeb7edb4fed70b330af387
f277a59f3343b02062f41f3e99d8338b310dd3c50a4a474268d6c207ce8b55ea
3eba6c98e5a6e682bd8d388ed76924ea58cb3b7b37a647902421491adf92e054
82af670d961331b72b1648992be257e5ccb1a92a193757a1fee4d6eb047266c9
fc424b8bd79c6b13192ae2e34fdb05b4da3cbaf13f9b5d697f86c69c65e00444
46a59b2a9e6f893710c34db0f55a7b5d3e9c9e17cffa89777f78d8876e857cdf
43a58f475727861b4eb4017166df51e67cfbc8062746e0b2132d3c2ace75854c
01f59f72eec3c858b4b5076d4b5a66a390a8f8ec0bc5e2322a0c252183a08421
37afa4810abc74fac4cfd2c8b157945e7eed89201923a32c0f6af98adfed74f6
5d45d019334937d0d6903010d1b1d282d515d6470757f80929596a2abc4deec0
b4e7d7e90b5b6b8c3c6cfd7e8f6152542586b788284afb3b4c0c1cad1d5daeff
41462687daacad9ebf0f70000000000000000000000000000000015233640` }
}
| RFC EDITOR: Please replace the following reference to
| [I-D.ietf-lamps-dilithium-certificates] with a reference to the
| published RFC.
The following is the ML-KEM-768 certificate that corresponding to the
public key in the previous section signed with the ML-DSA-65 private
key from [I-D.ietf-lamps-dilithium-certificates].
-----BEGIN CERTIFICATE-----
MIISnTCCBZqgAwIBAgIUFZ/+byL9XMQsUk32/V4o0N44808wCwYJYIZIAWUDBAMS
MCIxDTALBgNVBAoTBElFVEYxETAPBgNVBAMTCExBTVBTIFdHMB4XDTIwMDIwMzA0
MzIxMFoXDTQwMDEyOTA0MzIxMFowIjENMAsGA1UEChMESUVURjERMA8GA1UEAxMI
TEFNUFMgV0cwggSyMAsGCWCGSAFlAwQEAgOCBKEAKYqhDUI8jdoGnQK8WebN8DoJ
a4s9pMq5uAykoUkHZyzO8exPryNKC8W36dRz8rMTOzsmodF1y2engFkZaZwC92Ux
Turner, et al. Expires 6 August 2025 [Page 27]
�
Internet-Draft ML-KEM in Certificates February 2025
uZxfiRgHBLtMpFNcW4lyZ5xmCgfF5RS4cAnIYuuPUVdpXvs/xAqd72uBwcwCokmu
TwlK0Nm9NIXBwcaAgFIKfIxjIDLO5zgVTlxRdsB9pWAkd2pDD+durPZlo/e4MhAi
FbyC8Qk5yDVXBDNqj6wdgeS7BIWqXXx01rWbvlxelyoNi6xBG1W11VV81oChqPcb
TrhrxIyaBQlzGlS9nXKQsnlj5DctybGZz9ysCwGs0opiOVES5MQ2SNYixIyCNNAU
QOjMN2ySfyOlr8msBHTGYidOQkUlyFUuzjs/4mUW3pAbx9UVveiVWOYmyVyAuTNC
+AEABPOebGyUhxxeNEyrOWbINfmpalmv0xxAKGs4scGnhHC6uUdRiTRFPOhnNqkZ
8fWm1RCob1RU/DmAy1x2W9K9X3s2sUENZjXIzrR8TdoNdqKOrJOcccMCSASGbHFi
ZlhEIWPCwiEX5QrO/OY3iphWUjAqTvDCzgzHFrd5bitrLjd336GsPaJZoxtam1MP
jLY4qBpirDAYSauvlacwG9owBokJv9t+Z9vMuzilVRolsaOg9oV0itV1PYiA8AFs
YnSGFmOExVcf4jZZADZNA4MR4th12zZmhpMrXsYCQwo2noem71wzh4ZleCW9TAV6
zrkj6wk15pBeY7TO1/gIV6dz3WSxUNJmEuqawSBS2yAXvxhDzLSzKBtpDccorfqF
wAKBuOPAkoczX4VrT8KJL2mi9XkhraAZFMQJiGYtV3aWYqeGNRubZkk9q3lZTZht
4hANZboP9OpYuBU40kpENaJY+sJUBKp/QfZYsThQZeFY3LYBFXMnIPQEWaqsFeQG
lTqQrFKZfRzNBwBg78ZdueZTNURn+tVuxxPIbnVAxCOs8mafUvpvSsaIjYce8+hH
wCmoqvu5LheySqB5sfQZumF1tEKvsRkJ1KVrcKAzWyhzkhiqfJNI4sPC8+s9FaQe
ZBfA3ZS/6yFBmzEae7E6GAu+gzIYqaaxdEfMhfIlhZWHpzB3BJrLz9RNDwJUOOFd
FTgnDVhuG/gxkqlFnPY8DpcvhSl2eYMezxIVCYUcuDQPbxB7D6Gg79GzaoGJvAhc
T1y3hOVT9BuRj4A5fOGVb3hb7jd8qaqL5pmK2jDCa3w9jGtVJUzJYgOyDEKu4KxO
HrtAjkmp4/h50KsHhetwJUJdEwWiKZwBXhINFjsOGUlM5XJT0CRtGCdFy4GXq3Q4
s8G7eXK+xaMG66NWeFXAFGmf72WuVMdwoNhcGEAM9kKu3GYHd7pLE4UCvVp4EvYh
+EpIKWuY3UMitvFYKLio8OAKi6RKU8OosUNXGwdAq9Vn2vHN6cecIEttXiWdF2aj
G7vLTmoFz0UCF2swHBwvQSR3UBV7zshegJswpNYNd0fN0PW5mqjIJph1F3k6qoCA
oLEkqFWN9yu+N7dfTtu2voIW1sYz+ysigOJRE9hpXkNIHD7rOX6xklBSKbZ6IB6o
k8PiyzLai8NC+k3qBXijUjBQMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQUQry1
oWf6MwRJYS29gYcFanUY94cwHwYDVR0jBBgwFoAUGwVj480zRhScjJ688jsKTlqQ
DuowCwYJYIZIAWUDBAMSA4IM7gDya3x1P7gnc/43+gwI1bbPyLFhkbPTUdbp8wrj
S6y1IBreYKD5+OSNsHx1sQ+vThL20hYZunwSyzM3ud/UFZJcpTYE3hLIqWYYlFfD
KXc9OUYfL4xYtwY9L7NuV9GitoPOZqXGxC8uFBcCPtgXnKKm+2VcUcp3WAdgnW6T
ohOKPc1JMN1ElgywyAeUKGyVu26WhQxltO/tD9NyWjjx88GJQB0EAhd+CUx2gJoG
71QWYaHKKKY2Ap66VvNY8EwfG8xHfd1agWXl+dR7OldlYHAflSrZyczt/m97CBfT
gz0q59YrtpgFC6A8f27DOns49/pcvFrFvnqbrB6olgn4g95w9a+zTjK+0LEOLuZ7
coxK7G52UM4+zm89rgiV6Lf57E+gq6PIg6VJQzWeNlii8vK2c4D9+ru9DWxrQYIp
lO011cW7q37cw1UenD7ouG6zd0Rgq5LIaoeQgwngLFoAEGl213xGJ7nFmPKweq6m
jEWArh8WFdQS8xaArVxh16Qhijpk9aIMRXP8kv7x8ORXIOQkfE2zVQnnjMt7zTO7
YbKY0ujPJwEga8UsP95V3ApLLNc4S9EIm/URSL9i1eA5Yf0/7qZub4512LN3tH9f
QGr96wtIGKmMmD/M/ON86GXWRMvQW8w3DSgi73RuM5WH+IVZ8kRgdwx6ff/Flbd3
PXXmxziQd6JdOIDn2JeTaEfZd6MxJ8juknEQTotIzOhSNJ08zcQqkCu0OQIcNMaK
vzbzEDP+VbiIGxL6n7Y3JRnp+ACA2pWbB5lUl7Ex2OMCO9zrGAL5f98+5RFId7Mz
2gQOah/y2FFHVw72TB3XFzyPuThiTSeXW/sQUMkvGXcb6cgUA25Umuq+tvKuktLt
H7Rrj13+g+cSgkDMKpHPx2aVTaZ3hchDqQhplLu8adVkjaXldrrU/le3JYUwZCsL
4ZCbWfEZeRgq7rVirSSEm8U1psE5mFZ0LqewLz87FKIYmTFVY25Xew+T4O/BC35P
k3xp5pP99ShC+0o0YyStQziC2PmNNzjm6xHGYAYas7gyfpqVz93ooN5lg9uMTnLs
SdAD/jsumB9nLGFPJ9tNYmL6AbnlBZiBwg2oSuIlSUBTCMFmbt+4QvsgeqjHx7nQ
Z+oc8x7D3tSiVcf+sTICFRO6br2FF2PHDlTvKudW6ziFLsYWkkNK4K68p4GO983H
R8pd0uXyhICMHSgriODpHmbTvyV2Vzh9+AKCt8PLiixeKzBL0Q6A2lquMk+cJP8f
Q4QJL/TbUJ1B0yy1GVy6oToID+zM7ZUwI85VEqBnwWqA/UU3pggJg1CjItGrgM9x
fGkPVjPZ9IjadgB0tgfHZ97gW6YiocaXmu6rrYF6rxYkWDaww9Uq8CQsrv7YRb2Q
OeLCem1jyo/98YeMxVxBXZtAqMfgbAd2f0pa9Y3u84OBvdLNIyHXDWgmIhHG4uy1
Turner, et al. Expires 6 August 2025 [Page 28]
�
Internet-Draft ML-KEM in Certificates February 2025
6JO6OxdU9qoEyw3s/8hCAQbQZfEHTsTTbR+ij35PCZHfYOZiFUZozMCSslHSrbIc
+hmjd5slvDnbuxwCnhJX5dOnWRQtWzbUg4kJFwSven+MCQ6d8CS6RZbEHOwvCD4B
qIHUaR1+lT9bW8kynPMZk6GdKCvyAEVnf9ka4mIiJrzycqBwwdOTlfKsESviE2yd
9YyBF3adS6eOKiuE71HJ7h1gnpxQJLtrC0q4y4Rmh9arwDb5nQ7QrF4mG+jUMFLL
sR8jd+/QHGmpZ5qhUfxyti2qQOteGjDlXtA2guahqCSX71GUpXLTY3VYisnWzoM/
xdoMhKy+maEJ1mOeyrPnmOXh/mxLWpwcN42QH3u+iktGa66LKNwk5P4+1aSjV62k
6jWvWAF6bSgr7hhffyt8Nr70HklYQg3NZpo5ivpzYzCJ6r5dm0yuL6pxJg098RYu
3CfyjyOHB/FVhx+e9ADQ1I/NbkGyDvIj/AqD0TLbG9AyXU968SP3AEmedi3IZLGO
EtA373hLW/rnVCa15+3rcLcQACfJwv8VwbIpeZSBh7fZ26KcR2Rj0vV7Qn786ZbK
6aG9SlHpRCsV6hiQdsCYr1k+X0a7wrRr80fHrCd07vqG/hl4dbFu/IhMeQ243K6n
3FTnHclYDoKaUQCmlOfgp9/3djAb/rOVwiPMoXkVS8JAJPa3gazejnITG+W209T1
ukA+AYvpAR2qd1ysBjZnZxbEswAWKk2z6O/056/F1AQaIVRgKBIYzuwE1lLNLNV4
OgLUZ791oEfjVx/1QqhgLBd3pY/U3535OlM8lCURjdMo0EuxsrIY3AxDQHdnSTsw
EzE6ZDFLCFEKEEw/iVJul8qKUtFuoqsQMX51A2L1AosbaPzawY6RU2/BWFqew2A4
K5Wm5YDwilHYlpBy3+F1ByNUI5+ayXMFwQi0dqpD6QXpuRm38Ze+qy2YKtaAljeJ
xfcJjdIrx2LiAvKGHO6yMb+JVGliBZr38wS5fJX3sZY1gWE3uG82qMo9ft5ovmoE
ZMMb4GSBfX8WTyncPmO/t7/wv+JbVP/Hx0yv/7WWVY1pPoC6boEtY4YrIHve7lxv
S8NSixJ8ESLzffJZTGc9D/tDM6FRHobUZItSoFZwHpGGbfOrOD1Q8mWaVj2OxXh7
nlWrKX+WSZX59sR+Ez4eHejnNXFT2FGWrUfK05+0YooTn/4jZE/u8X9tSf/HJkKb
NyKoDeJ9lwf60iJFbQNf1zXVc0U3I9y833CvUz3V1XKZoZ6AQXcc5NW+lNpj0CPD
3Z3tjwYGIdpQopZW6qYk66yektO780fYKdqG3W+0QvFmV25DjKx0DcNXDgs6AXn8
Dehq70ogiRaqisQuXE0+Qy9MdXwx/9ytN6m3Th25dNg7PPKuPugbFAg3ev+RuPv0
a3BwLozRyAIp5VGuG7Iu0E80kAXQixkN3YQpcWhXTsJBfsrFyUVJLejYgX0Xmkj+
+2pf4+9IRf2nAwqcYRZylt1N0/x2/vVy7pz57NIoWGsQ9Vy8HcgK/rus1PWRhN36
ic5IoCgko/ctVpKZfX3Rhhm4qjWXEgzsiMj8/RhbKC2m/MobcCNCQUK26fwetMri
Sq62x3XTyaI4HU5kCQUdXcuaa13UvmFxNKqhKqJSYopCOk+2tP49qewc4dPKebbc
qYF8kVhpJB5cwifB3ieaRjU66PaTX2AwZNa0k3XrXmql9pQ6h6K7QJ+DucAJn1n0
FH0XElKBX2ebUC9luqUjHRKeJW/FDZEijj9ez8ssGMD4Elcut/qM1hNh1GB0hDN1
x8yE3KNwHJfs9bQxphoRYnw78rINuwUU9Yild15XLEa9CzUvwmOcwQXku/X4aVPv
0qsUnF414LGeySk/8XUcJewV/u9EdIm1XvL77iifRaV9CeRu4yEYPn737QCW7j+F
Ex4WrWbokI54n+SeBuvZ6Jfs/12lPjFVIsD9MM+YaIVA2846cVJ0Idc+o7MGXK5e
6p/2PjlRktXrYPVHrIRP3Ouc2js0IBEK6STubJFbSnAHTSRQqmcxph1BXLf6A1dd
7dt7R7tKbepBxWKYq5liC9Rqq2oatrbMARH59EWscoEAzZP0L0rio1KPknvM0ZBI
ibiszAb7sqkh7Hq7EoicirdXTjItOitSQWshGiuiKVqCE0jANM7lFhfO63XsFo7G
GuOuqQKDJTx+8F5qHs2s7yC4uZDDmMx+pZ36J6Mae5CcyeXVQDgkBZdU47tVCeB0
7WqaXFAdbJTKVwEkG3PSg9qp8SoDL6c9eQye/Hk1Z/vmf1tYHoPg8iJpx0iD/dEk
/73iGZEAr7U7NM/ldcDxCXO1mfBNSmixq6zp5jJEH9TCo+usT0dQKGW0N1zPyDrH
0qHWt1xSO0G6FPK4zTyEY/84z+ecXFvxxynXLYYCm5kEhK06PYiVY5OKOaBe9vma
qS66MzHNpfjNblJfG9O/HeiJLJ3vV7/F3U/kfxs3PStrMgoXMRt1KBrmIBB3F1xE
5WCaEONmuYSmJMZPbdkB+7rEsbC4v1cnyE0800BAGNYpVyPyTYbfPBthNEmYsBIV
KSYuVQ1259Ju69UE22dqnXnorsCZCXWEpmcmRO8/Gvb0Y7OYFWltDeGLFJRbJ4av
5dtNm2ZH53uLPi3aYsZU9cyfxh7AcbKSfQlRSVKCj6o0BQ3ZvmBPPOvcsUbUU5oo
FgCPOse60fvnKhEEO9zEnuU3RObcQPkDQRmMQ3OhibiGzOEOaU6PCEVJ3P+N+lJm
/0M2lNaYgaks0kmKoYdEmpLdmdGSCCB6HJ+nIIlwodrM0wK9SZUqkd+kFoGvGf7+
XkFvmlJbGn4UCaaHOUaDZsFBMiAcMAAcPv9FIM+A9NIjbC2imd0TJf+tLf6tLA6P
gFHtzTF9yuL8FSI+bbLr9go0PG2SnqPM4RQha4s2OoOvtNkQI2Smvu0AAAAAAAAA
AAAAAAAAAAAAAAAFDBUZHyU=
-----END CERTIFICATE-----
Turner, et al. Expires 6 August 2025 [Page 29]
�
Internet-Draft ML-KEM in Certificates February 2025
SEQUENCE {
SEQUENCE {
[0] {
INTEGER { 2 }
}
INTEGER { `159ffe6f22fd5cc42c524df6fd5e28d0de38f34f` }
SEQUENCE {
OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.3.18 }
}
SEQUENCE {
SET {
SEQUENCE {
# organizationName
OBJECT_IDENTIFIER { 2.5.4.10 }
PrintableString { "IETF" }
}
}
SET {
SEQUENCE {
# commonName
OBJECT_IDENTIFIER { 2.5.4.3 }
PrintableString { "LAMPS WG" }
}
}
}
SEQUENCE {
UTCTime { "200203043210Z" }
UTCTime { "400129043210Z" }
}
SEQUENCE {
SET {
SEQUENCE {
# organizationName
OBJECT_IDENTIFIER { 2.5.4.10 }
PrintableString { "IETF" }
}
}
SET {
SEQUENCE {
# commonName
OBJECT_IDENTIFIER { 2.5.4.3 }
PrintableString { "LAMPS WG" }
}
}
}
SEQUENCE {
SEQUENCE {
OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.4.2 }
Turner, et al. Expires 6 August 2025 [Page 30]
�
Internet-Draft ML-KEM in Certificates February 2025
}
BIT_STRING { `00` `298aa10d423c8dda069d02bc59e6cdf03a096b8
b3da4cab9b80ca4a14907672ccef1ec4faf234a0bc5b7e9d473f2b3133b3b26a
1d175cb67a7805919699c02f76531b99c5f89180704bb4ca4535c5b8972679c6
60a07c5e514b87009c862eb8f5157695efb3fc40a9def6b81c1cc02a249ae4f0
94ad0d9bd3485c1c1c68080520a7c8c632032cee738154e5c5176c07da560247
76a430fe76eacf665a3f7b832102215bc82f10939c8355704336a8fac1d81e4b
b0485aa5d7c74d6b59bbe5c5e972a0d8bac411b55b5d5557cd680a1a8f71b4eb
86bc48c9a0509731a54bd9d7290b27963e4372dc9b199cfdcac0b01acd28a623
95112e4c43648d622c48c8234d01440e8cc376c927f23a5afc9ac0474c662274
e424525c8552ece3b3fe26516de901bc7d515bde89558e626c95c80b93342f80
10004f39e6c6c94871c5e344cab3966c835f9a96a59afd31c40286b38b1c1a78
470bab947518934453ce86736a919f1f5a6d510a86f5454fc3980cb5c765bd2b
d5f7b36b1410d6635c8ceb47c4dda0d76a28eac939c71c3024804866c7162665
8442163c2c22117e50acefce6378a985652302a4ef0c2ce0cc716b7796e2b6b2
e3777dfa1ac3da259a31b5a9b530f8cb638a81a62ac301849abaf95a7301bda3
0068909bfdb7e67dbccbb38a5551a25b1a3a0f685748ad5753d8880f0016c627
486166384c5571fe2365900364d038311e2d875db366686932b5ec602430a369
e87a6ef5c338786657825bd4c057aceb923eb0935e6905e63b4ced7f80857a77
3dd64b150d26612ea9ac12052db2017bf1843ccb4b3281b690dc728adfa85c00
281b8e3c09287335f856b4fc2892f69a2f57921ada01914c40988662d5776966
2a786351b9b66493dab79594d986de2100d65ba0ff4ea58b81538d24a4435a25
8fac25404aa7f41f658b1385065e158dcb60115732720f40459aaac15e406953
a90ac52997d1ccd070060efc65db9e653354467fad56ec713c86e7540c423acf
2669f52fa6f4ac6888d871ef3e847c029a8aafbb92e17b24aa079b1f419ba617
5b442afb11909d4a56b70a0335b28739218aa7c9348e2c3c2f3eb3d15a41e641
7c0dd94bfeb21419b311a7bb13a180bbe833218a9a6b17447cc85f225859587a
73077049acbcfd44d0f025438e15d1538270d586e1bf83192a9459cf63c0e972
f85297679831ecf121509851cb8340f6f107b0fa1a0efd1b36a8189bc085c4f5
cb784e553f41b918f80397ce1956f785bee377ca9aa8be6998ada30c26b7c3d8
c6b55254cc96203b20c42aee0ac4e1ebb408e49a9e3f879d0ab0785eb7025425
d1305a2299c015e120d163b0e19494ce57253d0246d182745cb8197ab7438b3c
1bb7972bec5a306eba3567855c014699fef65ae54c770a0d85c18400cf642aed
c660777ba4b138502bd5a7812f621f84a48296b98dd4322b6f15828b8a8f0e00
a8ba44a53c3a8b143571b0740abd567daf1cde9c79c204b6d5e259d1766a31bb
bcb4e6a05cf4502176b301c1c2f41247750157bcec85e809b30a4d60d7747cdd
0f5b99aa8c826987517793aaa8080a0b124a8558df72bbe37b75f4edbb6be821
6d6c633fb2b2280e25113d8695e43481c3eeb397eb192505229b67a201ea893c
3e2cb32da8bc342fa4dea0578` }
}
[3] {
SEQUENCE {
SEQUENCE {
# keyUsage
OBJECT_IDENTIFIER { 2.5.29.15 }
BOOLEAN { TRUE }
OCTET_STRING {
BIT_STRING { b`001` }
Turner, et al. Expires 6 August 2025 [Page 31]
�
Internet-Draft ML-KEM in Certificates February 2025
}
}
SEQUENCE {
# subjectKeyIdentifier
OBJECT_IDENTIFIER { 2.5.29.14 }
OCTET_STRING {
OCTET_STRING { `42bcb5a167fa330449612dbd8187056a7518
f787` }
}
}
SEQUENCE {
# authorityKeyIdentifier
OBJECT_IDENTIFIER { 2.5.29.35 }
OCTET_STRING {
SEQUENCE {
[0 PRIMITIVE] { `1b0563e3cd3346149c8c9ebcf23b0a4e5
a900eea` }
}
}
}
}
}
}
SEQUENCE {
OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.3.18 }
}
BIT_STRING { `00` `f26b7c753fb82773fe37fa0c08d5b6cfc8b16191b3d
351d6e9f30ae34bacb5201ade60a0f9f8e48db07c75b10faf4e12f6d21619ba7
c12cb3337b9dfd415925ca53604de12c8a966189457c329773d39461f2f8c58b
7063d2fb36e57d1a2b683ce66a5c6c42f2e1417023ed8179ca2a6fb655c51ca7
75807609d6e93a2138a3dcd4930dd44960cb0c80794286c95bb6e96850c65b4e
fed0fd3725a38f1f3c189401d0402177e094c76809a06ef541661a1ca28a6360
29eba56f358f04c1f1bcc477ddd5a8165e5f9d47b3a576560701f952ad9c9cce
dfe6f7b0817d3833d2ae7d62bb698050ba03c7f6ec33a7b38f7fa5cbc5ac5be7
a9bac1ea89609f883de70f5afb34e32bed0b10e2ee67b728c4aec6e7650ce3ec
e6f3dae0895e8b7f9ec4fa0aba3c883a54943359e3658a2f2f2b67380fdfabbb
d0d6c6b41822994ed35d5c5bbab7edcc3551e9c3ee8b86eb3774460ab92c86a8
7908309e02c5a00106976d77c4627b9c598f2b07aaea68c4580ae1f1615d412f
31680ad5c61d7a4218a3a64f5a20c4573fc92fef1f0e45720e4247c4db35509e
78ccb7bcd33bb61b298d2e8cf2701206bc52c3fde55dc0a4b2cd7384bd1089bf
51148bf62d5e03961fd3feea66e6f8e75d8b377b47f5f406afdeb0b4818a98c9
83fccfce37ce865d644cbd05bcc370d2822ef746e339587f88559f24460770c7
a7dffc595b7773d75e6c7389077a25d3880e7d897936847d977a33127c8ee927
1104e8b48cce852349d3ccdc42a902bb439021c34c68abf36f31033fe55b8881
b12fa9fb6372519e9f80080da959b07995497b131d8e3023bdceb1802f97fdf3
ee5114877b333da040e6a1ff2d85147570ef64c1dd7173c8fb938624d27975bf
b1050c92f19771be9c814036e549aeabeb6f2ae92d2ed1fb46b8f5dfe83e7128
240cc2a91cfc766954da67785c843a9086994bbbc69d5648da5e576bad4fe57b
Turner, et al. Expires 6 August 2025 [Page 32]
�
Internet-Draft ML-KEM in Certificates February 2025
7258530642b0be1909b59f11979182aeeb562ad24849bc535a6c1399856742ea
7b02f3f3b14a218993155636e577b0f93e0efc10b7e4f937c69e693fdf52842f
b4a346324ad433882d8f98d3738e6eb11c660061ab3b8327e9a95cfdde8a0de6
583db8c4e72ec49d003fe3b2e981f672c614f27db4d6262fa01b9e5059881c20
da84ae22549405308c1666edfb842fb207aa8c7c7b9d067ea1cf31ec3ded4a25
5c7feb132021513ba6ebd851763c70e54ef2ae756eb38852ec61692434ae0aeb
ca7818ef7cdc747ca5dd2e5f284808c1d282b88e0e91e66d3bf257657387df80
282b7c3cb8a2c5e2b304bd10e80da5aae324f9c24ff1f4384092ff4db509d41d
32cb5195cbaa13a080feccced953023ce5512a067c16a80fd4537a608098350a
322d1ab80cf717c690f5633d9f488da760074b607c767dee05ba622a1c6979ae
eabad817aaf16245836b0c3d52af0242caefed845bd9039e2c27a6d63ca8ffdf
1878cc55c415d9b40a8c7e06c07767f4a5af58deef38381bdd2cd2321d70d682
62211c6e2ecb5e893ba3b1754f6aa04cb0decffc8420106d065f1074ec4d36d1
fa28f7e4f0991df60e662154668ccc092b251d2adb21cfa19a3779b25bc39dbb
b1c029e1257e5d3a759142d5b36d48389091704af7a7f8c090e9df024ba4596c
41cec2f083e01a881d4691d7e953f5b5bc9329cf31993a19d282bf20045677fd
91ae2622226bcf272a070c1d39395f2ac112be2136c9df58c8117769d4ba78e2
a2b84ef51c9ee1d609e9c5024bb6b0b4ab8cb846687d6abc036f99d0ed0ac5e2
61be8d43052cbb11f2377efd01c69a9679aa151fc72b62daa40eb5e1a30e55ed
03682e6a1a82497ef5194a572d36375588ac9d6ce833fc5da0c84acbe99a109d
6639ecab3e798e5e1fe6c4b5a9c1c378d901f7bbe8a4b466bae8b28dc24e4fe3
ed5a4a357ada4ea35af58017a6d282bee185f7f2b7c36bef41e4958420dcd669
a398afa73633089eabe5d9b4cae2faa71260d3df1162edc27f28f238707f1558
71f9ef400d0d48fcd6e41b20ef223fc0a83d132db1bd0325d4f7af123f700499
e762dc864b18e12d037ef784b5bfae75426b5e7edeb70b7100027c9c2ff15c1b
22979948187b7d9dba29c476463d2f57b427efce996cae9a1bd4a51e9442b15e
a189076c098af593e5f46bbc2b46bf347c7ac2774eefa86fe197875b16efc884
c790db8dcaea7dc54e71dc9580e829a5100a694e7e0a7dff776301bfeb395c22
3cca179154bc24024f6b781acde8e72131be5b6d3d4f5ba403e018be9011daa7
75cac0636676716c4b300162a4db3e8eff4e7afc5d4041a215460281218ceec0
4d652cd2cd5783a02d467bf75a047e3571ff542a8602c1777a58fd4df9df93a5
33c9425118dd328d04bb1b2b218dc0c43407767493b3013313a64314b08510a1
04c3f89526e97ca8a52d16ea2ab10317e750362f5028b1b68fcdac18e91536fc
1585a9ec360382b95a6e580f08a51d8969072dfe175072354239f9ac97305c10
8b476aa43e905e9b919b7f197beab2d982ad680963789c5f7098dd22bc762e20
2f2861ceeb231bf89546962059af7f304b97c95f7b19635816137b86f36a8ca3
d7ede68be6a0464c31be064817d7f164f29dc3e63bfb7bff0bfe25b54ffc7c74
cafffb596558d693e80ba6e812d63862b207bdeee5c6f4bc3528b127c1122f37
df2594c673d0ffb4333a1511e86d4648b52a056701e91866df3ab383d50f2659
a563d8ec5787b9e55ab297f964995f9f6c47e133e1e1de8e7357153d85196ad4
7cad39fb4628a139ffe23644feef17f6d49ffc726429b3722a80de27d9707fad
222456d035fd735d573453723dcbcdf70af533dd5d57299a19e8041771ce4d5b
e94da63d023c3dd9ded8f060621da50a29656eaa624ebac9e92d3bbf347d829d
a86dd6fb442f166576e438cac740dc3570e0b3a0179fc0de86aef4a208916aa8
ac42e5c4d3e432f4c757c31ffdcad37a9b74e1db974d83b3cf2ae3ee81b14083
77aff91b8fbf46b70702e8cd1c80229e551ae1bb22ed04f349005d08b190ddd8
4297168574ec2417ecac5c945492de8d8817d179a48fefb6a5fe3ef4845fda70
30a9c61167296dd4dd3fc76fef572ee9cf9ecd228586b10f55cbc1dc80afebba
Turner, et al. Expires 6 August 2025 [Page 33]
�
Internet-Draft ML-KEM in Certificates February 2025
cd4f59184ddfa89ce48a02824a3f72d5692997d7dd18619b8aa3597120cec88c
8fcfd185b282da6fcca1b7023424142b6e9fc1eb4cae24aaeb6c775d3c9a2381
d4e6409051d5dcb9a6b5dd4be617134aaa12aa252628a423a4fb6b4fe3da9ec1
ce1d3ca79b6dca9817c915869241e5cc227c1de279a46353ae8f6935f603064d
6b49375eb5e6aa5f6943a87a2bb409f83b9c0099f59f4147d171252815f679b5
02f65baa5231d129e256fc50d91228e3f5ecfcb2c18c0f812572eb7fa8cd6136
1d46074843375c7cc84dca3701c97ecf5b431a61a11627c3bf2b20dbb0514f58
8a5775e572c46bd0b352fc2639cc105e4bbf5f86953efd2ab149c5e35e0b19ec
9293ff1751c25ec15feef447489b55ef2fbee289f45a57d09e46ee321183e7ef
7ed0096ee3f85131e16ad66e8908e789fe49e06ebd9e897ecff5da53e315522c
0fd30cf98688540dbce3a71527421d73ea3b3065cae5eea9ff63e395192d5eb6
0f547ac844fdceb9cda3b3420110ae924ee6c915b4a70074d2450aa6731a61d4
15cb7fa03575deddb7b47bb4a6dea41c56298ab99620bd46aab6a1ab6b6cc011
1f9f445ac728100cd93f42f4ae2a3528f927bccd1904889b8accc06fbb2a921e
c7abb12889c8ab7574e322d3a2b52416b211a2ba2295a821348c034cee51617c
eeb75ec168ec61ae3aea90283253c7ef05e6a1ecdacef20b8b990c398cc7ea59
dfa27a31a7b909cc9e5d5403824059754e3bb5509e074ed6a9a5c501d6c94ca5
701241b73d283daa9f12a032fa73d790c9efc793567fbe67f5b581e83e0f2226
9c74883fdd124ffbde2199100afb53b34cfe575c0f10973b599f04d4a68b1aba
ce9e632441fd4c2a3ebac4f47502865b4375ccfc83ac7d2a1d6b75c523b41ba1
4f2b8cd3c8463ff38cfe79c5c5bf1c729d72d86029b990484ad3a3d889563938
a39a05ef6f99aa92eba3331cda5f8cd6e525f1bd3bf1de8892c9def57bfc5dd4
fe47f1b373d2b6b320a17311b75281ae6201077175c44e5609a10e366b984a62
4c64f6dd901fbbac4b1b0b8bf5727c84d3cd3404018d6295723f24d86df3c1b6
1344998b0121529262e550d76e7d26eebd504db676a9d79e8aec099097584a66
72644ef3f1af6f463b39815696d0de18b14945b2786afe5db4d9b6647e77b8b3
e2dda62c654f5cc9fc61ec071b2927d09514952828faa34050dd9be604f3cebd
cb146d4539a2816008f3ac7bad1fbe72a11043bdcc49ee53744e6dc40f903411
98c4373a189b886cce10e694e8f084549dcff8dfa5266ff433694d69881a92cd
2498aa187449a92dd99d19208207a1c9fa7208970a1daccd302bd49952a91dfa
41681af19fefe5e416f9a525b1a7e1409a68739468366c14132201c30001c3ef
f4520cf80f4d2236c2da299dd1325ffad2dfead2c0e8f8051edcd317dcae2fc1
5223e6db2ebf60a343c6d929ea3cce114216b8b363a83afb4d9102364a6beed0
00000000000000000000000000000000000050c15191f25` }
}
| RFC EDITOR: Please replace the following reference to
| [I-D.ietf-lamps-dilithium-certificates] with a reference to the
| published RFC.
The following is the ML-KEM-1024 certificate that corresponding to
the public key in the previous section signed with the ML-DSA-87
private key from [I-D.ietf-lamps-dilithium-certificates].
Turner, et al. Expires 6 August 2025 [Page 34]
�
Internet-Draft ML-KEM in Certificates February 2025
-----BEGIN CERTIFICATE-----
MIIZQzCCBxqgAwIBAgIUFZ/+byL9XMQsUk32/V4o0N44808wCwYJYIZIAWUDBAMT
MCIxDTALBgNVBAoTBElFVEYxETAPBgNVBAMTCExBTVBTIFdHMB4XDTIwMDIwMzA0
MzIxMFoXDTQwMDEyOTA0MzIxMFowIjENMAsGA1UEChMESUVURjERMA8GA1UEAxMI
TEFNUFMgV0cwggYyMAsGCWCGSAFlAwQEAwOCBiEAS5TClFAREZGCOzUUyaweo9mC
XMuGOTot+wRlT6IZLTe/rRxJfGUC7uXKgKc7/OC69aVKiFhaQBOXo9Iy9Canr7CC
vCGkQxcJDqrHWSwuqIplPESR6hk5MTNfUumJo8TMVtnFU3MtV8Rw+0GrdZtl0tBE
RTgvzZxONEoRKPqeEeBDWOGS7QFLIyMqfuKyLiNxf0QRHuM1dTmcN2RtqYE+ybIS
r+lOXcXCMwpylMwfQjSm0/u08WhauIksBKyxfNHBcNewYRtqcXbHlMyMZ/VfySPC
rSAxAPNlmRiCwwJD13gThDtex8lkAyJjcGCS7PAMdRa+ZORZjKQibAabteZ+QXXP
IobI3VxIimxYYfMbqgvQJpRw6LVR3TvNOMhsEvnNsXbHfci2wCpwH0eJAshVP2lM
DYJye0xKXCwQQSEqoSdICLghEbN37HUhTpsZePdgBNQTnZhhP0uOmNIK97U0BzpQ
mpWbenVk+bQMohi/YYKTIKhQIBeVTTKNesbHaewpcAdW57BoWzQNXhGAWVBKSaml
ChAZjrEKV4RnjrQn17S6u5VSkzsGKJeXPhMY6vCg6sN1hKZUAbFwPgQqzNg3UxSD
8kHK3NHB03gRnmlEKdsZmsiR5MU0N1cIW7OueDZnNQxEWNl2cuhh6AsdJnlRDqOm
8jYMd6RpQsegalVNIoCAyEtHrvFNsXYgyxbAarMKG+TNpwgr6fh+nCEcRpFjSaW6
jqpSAccpSjwIhbU7ZXRSEIgl7GRskKBGEjJO59Axr+U0MTLL72e277Gl7CgJt3NT
jOd7PYsE6ws8IlYBHkxxbBmougdSv3FJIRdknwYVwykPwppG/eS9UtuShtYDOIJE
JZwVp6wrZApgzAM3alhBo/uKRzVo+psaJnIV80wBaXsPDmJxddchBbdwfCm55hS9
wzpvbIGKlTcLQniC17R2eWqexuuZMnTNmyORqCukXjOT0umulyHKnWwbmItYJ3E/
kKZYXelDNSjAKwPOELtfcgE40Pu0wwwSZrkY5Skl3+F7N/ldIrylT0dZGayFkJjA
8NCKxYde8ptW/RQebvFfcAoLZvOVlcWIF3NzxGabIbwHHkw6pfC0oxtiWPNdokrD
zSnH8gkkEMUHg1WxOPtTprmubgucCCQ+e6pFxHN264x/E9TPUapzb6MVQMkkHzcN
pUS/n5wo2aV+Lyp8qVpOS0ZuZBqzvMdq3xE51Wem8StS86ZefsCq4mvKqMVYM7BO
WZmOvJoZMPu20iM8U9LB+LlRjjwt5zoZ3uazgKWzKXHPZOEp/WwfpuddSiNFAelm
3TpUCvXI9PNKa0olPuKEklZtXmfG9VhV/LBQb7BsFWdE2aA6MaJvqUytFPFXt/MD
0Hppx3N2j8tNB5wJBZcDoMOpTeS5nqOi8WWD0PkXCjlQ2we08LwwgCkn+feWG2JZ
iSY2qVAqJwUwNjd5ndNE2kUcHPe/Z4QM6zB5q4xrjBkn9kBTxhJFDEXJ5gO8FmZu
WWs0ceEDtvFUR0JNFwIgSBEf+9N+HGcPZPFLinsyuUwaSbRd0vw4zVKJ2RCtY2As
9eEwQsZKxnl7iftVGtCOBaktIAzMt+cS7yPJMSyzUPApq1N+KHNH/TB1rBCQang/
HGwHzLiPQSKMS+HGQPeQtcOl1dPKeSSV10vEYVYmWMB6xgAna5JKtbyb4fBJTLdv
gvRgp0gJcmYzgeFpmWBh15mFnsVNT1ylxBHAHbFZexZZd2ad4TqSijSvusJY/qjE
dkI5yUIdwxGb9bR2mSBpeDJ7HFNF73RqeYOEHwVuJTQQCrJNTpq70LF8apW9TDwO
QPaeFhKs7rKLmQhslRFucgQnOJM5C/RriZs2KGsOvxlHu5iE9zLKJ9qCsZtdwMx/
iIVxSRCIiyMQxPkxnUELNOZDO5AD4hdruZUldFYQbolSFjuLpZJTDMWqCutDrTmP
6el7qlI9ekQxZ3w9OvBxnkdduFypWvUIm+q+sFsvqrSJa6YPgciEcqV7RqgogmoM
37RG+BiRgtK/XqxOwcxd6vWZyKE+SCNUBtF//dyDRLbGaYSoaKqS+gIieghpUOsM
hwHtWNxih3a5g4guEXWjUjBQMA4GA1UdDwEB/wQEAwIFIDAdBgNVHQ4EFgQU2oIY
LDnr2zUNkE7kvFB7cgQ/+iMwHwYDVR0jBBgwFoAUiYhnULV8JNs/wBLmHt5ZdTM3
N08wCwYJYIZIAWUDBAMTA4ISFAB0Ilvfx69mChnV48hOgGE9RRQLmMKyjFn4sKDx
FO8grAAsxKw9hdEkv+TKqayLkCkxeDnhL/HIOnDRXxZ9iVUMcCUrhcerYIIZiUeu
CJYYHAk0Wv/eQF+qzT3UNREKdljBD7rlem7wRC7oT6vf304BFsDOQmL3yL3gh8hI
ycxU5SMh3dH6Gj1wSug91LVBV/QhLebDixXuKOe/q5dyNQRk1lI4im5ysGCkGzdq
UZuanqBYvvE0c1dvvgeG9+qV9ARQOxmOaKYQMENVVA9HbzGV66GUrR19jK9z1bRI
OSzFCba83oGHKyC9bHCLfvtXFXRxNVlDHGk7dRm2dAOds/iWJL4cu/M2O8rWaxIt
ypfeieyKbr6CQjGzWqQ5lNYC3piMO9Byl6QxvZqBPhFeLbXYc3ZFhk250oz7m+LF
DpHX0+uf4SROW51EDoo3gN3hQPp9usgYQcfprP/SpxGmxJ03GaHv/tFF/pEwCAT+
sGPjYGsT14KVNG//guI4cHs9pE6s5Y8lslD1AUjFg8VQlIqF2JCPnaOGyagdEem3
Turner, et al. Expires 6 August 2025 [Page 35]
�
Internet-Draft ML-KEM in Certificates February 2025
mazLJ0y2KCnFMhqp3oGaVWXC2LSwyOLe0XKeJWRbuvXQ4Wl81OItyLX86fjol8bO
nCG83V3w4L3Omizd9SdnBtd6uv+1S6oxEvNcs7+pw6TN/6EuUaRPhi/jYr8Zpplq
JfsCOUoLs6hJLjrD5QMmCCxYCrV76ea6Moyyr1/0mfElOkkTLMLzKN5p4vqPEdAd
N5vDAT8g4Yn0MsRPqqK0pXyUA7Ax9ISGuQebeF9rBEtoEIG+bq4wXBWxmG2gQ3Ki
ctNDS5LUZS23n85pZ8t002IX6fXD3JYtn4UMJEjbSh3+s6WY3A1qG00bLJL4chIq
+G8mBAZm0/e0Kxb+H7Y1tWZnTe+pi08fKwRcPTEdHXLKU8bS53e3A851y8cNrGs0
dNHaDQHjcboFgDhXS4geBY6iwzHGdmfDKcA5mxURP+XUgG6HBLuCYCmx0S5OzP+F
ZY+bChnR7z0j8bTl4YOOIiaHyh2CW8frGsIlw1tBINezLWa7sr+4rx6C1CK0F2J/
IdYIdEMLiL8Yx85wL0q0EufDoc/HPQRe3hDDtYsex3RMr83osZI+okf+3vtMoLv3
CJxyZIp8Di65SuZRHZ5KNW/DGFWGAobRHbS6Va37KTjzysg1VsdM6wqcIYFvOMV/
mvUVJ2MbXSawQuwKVMjYeibT8n55S9iL7mcfnivLgl7QNO86vaks8ZRpnZEA+FVS
QiS0K9eZnBTI7L4bzJKZHgTg0tcd13qZXZtUpQdXxquS63o0lDZs7k5iKx7Xt3Pz
T1f2y5ADQIrSPJ9Ytw71TubGotB39vkiqwvrF2fl7n/Ia8aEHp3k6x1OUbOcQ7G7
PW+sE2mdgy+2FcSlyomFXDent9ayH135V2k87/YYwtJjt2rFMSRogut01AtKJ/On
C1E2X5s5U9FXmeuy1ss/U6zHZ+VEiSSZlBu1ej6/yrsCAsu03/HepXMfbh4NuB4X
yUTGRYg4rF12nH8ah9Er33b4iYM6zf5JVPRPba+6oDjQHYAjvD+gRF9D5t64PcaQ
JAA381HRYqtigLpS1NaAD2bUvg2JYsZEkymXs1w+iG8aLBcakJpqmwKazFczcpZJ
nAfhVAopjRQTyGxyslH+01Kd4ZUiP4LKZCkNrQjsNspIHIaAPMp0kL/FA03tfGwe
sZvcvlnJYD7PIrwxCWdIFW24A6yaGKg4xE1NO9oJQWLRNDDY6IyOYf9jw4YNlcG5
wsJ5IsbUcUckGOPHiRx9IHSiOFewb5KWjQUN79wA9/w1SWToG2fUSrfUSNhEvsV5
F+As9EcQvgVGtINulzWWHxfCGbfVHZ8EO35xQG077xcEGMhMz9eNWQR8GdQOLy2k
QjNlZV9U9pKa5CcVjkBRHPpfsFOMT4qHW6Arv6VoNcTwUuobFtl6DYWTeU/qrmN3
e5gM176CKneRS8IoDF8nZeCDCeHAD17g4V9UUKNaeHaVQZ4elvvVwPhZvdrTGoIp
+VZrYIJqltUCZwvBvsxy6ILzZHCGTLTQwWaHSiaRLVKUPVymXVBnzj2cReDb4pk8
/bQu/03ZSquOub6PTV/8U7ejb4fXXa6TEWQa2Sao7ziqYIUTfwoPzNfvz4eLFMPw
j7USnBXe8mV+MOgL2ncK7aobOIyfPwal5IEAA5ovPmY63T1JQGdAoumKTO7NOVb5
hR/fXq25OrWf77Df3vlNdi5n1GC7UFXN2FdJ4wJl3X8my5L3sVOtzAWKMAqBLbqN
cKFKxMvbYI6gBT79Vm9f4LgwGEf9lFQUk3ysP/uQFwURGGglzPN4GmIrNHPNx5yB
bUU74kQ8d5KOYmP09S6gyxVd17nau6i4BkxwA69HnIS7RDXfg7kFnrnNvk0ySHFb
a8YmLTK4n5HEO2KRSoayIjMq5j7CvTZZag/emL3dSdFsNsnqJclUl5RImlXg5xnv
nf5x+lXcx7IZ3fBau3yE001C4W+ljlh9EzaRqTt0vT2JuJ/Mn4iRws/a7CYdX3+L
FINsrgkOJwbgUOFZGG/LShXe1OjPxbVnE0TMl35QqC6tYyY+57lqb1cBc3+ZPmTc
Q7yOeHfGAhdI7aYRV8Gqt2nx8ZwuhCJRuuxWGYjbpx9StbbVeSmQyQODoUUeXvBR
7DjFqKVRz3CXFW0j8SMRJiXCk8pQb3J+cbyA2AuXJkBlkIYswLVgH2NT3onbnhO6
0YbkUiv7d8AARktu1VHDpJWr5JgMSQ05k5b2rqKD0CPHWphapFFyEDBESeLLmnUH
WXf0aNl7VrYrXYRzEXzUGDf61yUJbBw9gTLMDC8WGHl/NPth57aZ1Ao/IB8Ir3z2
vXABqKz3Byk8klGzEa37tist+sZjN87DhKGjAUcolgoOn8F9p+SAwnLVLMhBo+Yi
Fpu5hwAIggzYhC+fgH17Oz8m8SEL+o6LUoAtleMZPQCgbSb88CvBZPHBPa3l6+qF
cORCrafkR7eKWUBCcJejSzUvap2ViqDSnerLHl0cppKvL0B9Jf++DO5RARKhTLdL
BKCHsfGVWJh+cpePHdMM0Kzax5K46RjbKrK0v7qD5oHfHQOI6RV3oJ/SXuZr5HRq
jHgy6quxwksp5w1il324kdoQ+VzaVHNbd7Oyngk8hM1RC2/HVyE/8xJjlZUxMolx
/D460FpuXdxyuYg7Z46sHNv1o3O7sRiOFXJfOH9wVb6H4PAo3T8kK1HASaA4fXq1
lj4NGV4eSD0bxDNJv+7uywbUTTKzy5ObF4swVgkfQHtRkGoXZwSTkIGnGw+bwOwO
GIz2W0T4YZVwbHs6gChn7cCQnqUmrFH+wZn54qY5FDX9ZyGsP2qxeb5zh7GtZx4T
WjcEkEok2O2YwvteSxYUPM/5lkol5edy9e5kua8YKEEFue04CghZv37ROQnh5+/s
NFZooNTzP7iPDcYuPMYSCpbowrVaRRxu7A3+IK37n9gkB9NMXT4xXizv79ey3gO9
xrk+2aa8GTC4JEXM3EUjiLIhlQ/GFLk6xPi0y9/dX4txmRzGi6DEyi6yfpog2xho
56zUqHZ2qcKBmEyrKzd99JmDe3Riw9C0Lci3SzKP1DvNQktDerm5TkyhJbOQl5Y5
Turner, et al. Expires 6 August 2025 [Page 36]
�
Internet-Draft ML-KEM in Certificates February 2025
fjkksJjUdEvWOGysJHx7GlUZRGPytXgTuXKEZ6oMObXt6+/lQFdB4117dsamPdl+
IXyc9FxgwMCyaECP72CuvJwCNRrPEIxlRJAaMPYhalgltqGGFm8vDhyKgfbAyhIv
OrkH6/7oOY8V/9SS6XtRIZD8WpLsxIKhB+spvtFSA3mkgLOw+Vx46CtV+91f5rJd
HcDAqOMl/KebHbt0gTKiIncx4ICUS3OcTmF5MEhSxwBHqTGeF2u6w62h9jlpp+JD
m34hh9A1gH3OwsnBGcBMxb6H23iXNGYZYyWyneIluQTvRT0CnKra8hgm8ONjXK6F
N8BZepxBL1Bu7TQIH1iYUW5LnQzIEm6eIf/iaUz6S4RRT042Cek8YWWpkhAf4ko0
0syLPVpPPxSZMpj2rUKmyOiPxLtHeVhE1QHeUS9YqkjEH9W31g68lzI/1OwIAPmX
8/0W2ehncAXZzcvaqKn3sVF0ntfY6zexcvkWKnQntyrVik6feikCRDym5CguxGzv
leBp4PVF9kMJ+lbRTCgvu+rAu70sm7HRYkbtvUQzdAkdIQYNGYa5Ah9+y/oI0vy1
C4Yz5c5D4XLN6lomHL/N/e2A6RPwCa4i5BdVDButLBAiXg8QLeicikPLxmnzVJdV
hat/2VgWDPmrW2hOfHgka+S4muOUcxHkLLKz4vIy4H6aUztSnjod5P/03JrQOm8q
iBzhOYA9tzOKxNOn8SxlWlJHhT8vb7KX3pT9dKmWqfTPn5gYlnT8rexudJkcX0pY
Qm9cLNKThdRAwP/t7Yk9evt6qh7g///JMZjKMIHtPE+mL5m/xiBjGNiA1JkV5/vl
55tWqRGoJMv0qgcPvM9IKvUMk65x2gjH5os1fuV52BgVOpcwhbLJEmHG4wd/IEo9
GrW7rFFGL4vyUNhxxXsmAsfhYsoSRR/s3GlX1FwPDxqUw+VS2duVCHYvKDBsZaLP
Ergt6fDalHKZVTnI2tVGNH3fFpAmBC5V8Iq8thzK4fRK2yF8nGP4HYSWNqQc2P5o
hB8wvEofpGjitBdNqlujkBMcNsLPPk9ZnUmQ3/erzFw34b0jTMUBrsfleaG2Kf1S
9CG6YUiULoMoRh8cPSSrvaGCxfNx9M/WkaI8JvDsEL19ASBYqu3bOV2bCutPgbfP
Bd1C6N8fNNzJ7hPSVAqz980TtfmgK+dj4NqhEw5AaVxy4+9IVGt6JhYAT8F//ATK
xfAe44nD1Bj8UGN+seYwEk7dKaCd703yP6CNu9447k/3xkvtwcwtL40Kqmza6913
B64HvQ2GjSaOdIAkaPq1ACy+2OI+S1kIvOTKBemHF3KMJf02+1ZdAhwJ4uJSnGDi
uVT8svHM779FgIUMZjOmdE8dI7jpRKsw3czgucG2r/EPYRVa1B8cQd9iq8Xw1/Ce
7CbgROAqmfboMupDgA+QEV9Nf2aAwqQTEs6yG5saOtoNiCULXwNmh18RPWhZhKqm
voXPxnZyZ2VsN3jlcFB2WG5lngf+r//d32QX8ptGQHmETXxIvMmRG2p2TS7PAthx
T45SNsbL5jNQFysjJQWTlGGYGjNGQJHtqhmiIwpUICoJNymGfYEkrg84QKo7+NdX
xZFd7HAAw9MdSl1tvkLX+uiFzl+2d/d+SvAxHD3qDitg/90tUDLAoAxmaYO3lmFy
kTuJUMVJLhkavp3LC2Q5K+mgevqlnw4h+sw2lY0a7RVLLnHc6/FVi/sC/Smu1u8u
019R3unx8faluUtqsRvlxAjtH1feQdIApy5FFp5m8t+Ixpe1QipBTN3Aa+g3bph0
hWw7u9JgPOja0lIJDDyGwWhyv4iCsII1OSKhHdLn3U34BCQ8nTY2DPqvojpRKg7u
PVnSPpbAdLnfSU3Z+x4eQZiZLKQ8LwcOnU6+J8S2Mneboj4t8chpblbFqXEX2GDy
jE6JffIAEtZan8bJyuD9lNJgr4raeyt2rqRLmpoY1Emk5HSioIjsgUTu92FeMp/b
YWP6Fc/rXHoYl5xR5kUW4BtiB+592H/XdJzPHJQx2kjzS4gh1NH5s0yENMOWYTar
0HJecZth4BF3SNDzElWcOvGWnMQj/fpkHgAq+aqXa2UCd4P/FaEXVUOuxy+vnHwe
qqigp/mWD19+DiTyv7WEe+o/AomHctLyigGFlR2zs3yLXSwNnDJ6YANpgMlEspwS
3ToM7PbcVC9vDfjKhGdAhvdVT1lr7IU0fYeMVppE6HkoKS6tbsokb9qtbvtvWCfz
I6342qm7BW6/SiZEx/Sl/DzF8qA3eLHM0xFR2kvHsn+5AB5ucy2ZOJF2W9XuwYSU
BPoRrmdIWKQYC8/MD5PtZMqUoEGvHl6jFpfbO6+RP6NakpA+q4Tl4xuDNyeKqOdD
9+XdE3acWR/r+JseircGaBDDkpjBElcYgZuLfqKrx1+G5i6t6gWopcNtLmVcuAWv
HVT854OIkNIUoqfnESODrczb3C5kjJ230df4V156qMbJBwwcJFtzf5ObyO3ycnd/
kNggIp4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQIDxcdKS4x
-----END CERTIFICATE-----
SEQUENCE {
SEQUENCE {
[0] {
INTEGER { 2 }
}
INTEGER { `159ffe6f22fd5cc42c524df6fd5e28d0de38f34f` }
Turner, et al. Expires 6 August 2025 [Page 37]
�
Internet-Draft ML-KEM in Certificates February 2025
SEQUENCE {
OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.3.19 }
}
SEQUENCE {
SET {
SEQUENCE {
# organizationName
OBJECT_IDENTIFIER { 2.5.4.10 }
PrintableString { "IETF" }
}
}
SET {
SEQUENCE {
# commonName
OBJECT_IDENTIFIER { 2.5.4.3 }
PrintableString { "LAMPS WG" }
}
}
}
SEQUENCE {
UTCTime { "200203043210Z" }
UTCTime { "400129043210Z" }
}
SEQUENCE {
SET {
SEQUENCE {
# organizationName
OBJECT_IDENTIFIER { 2.5.4.10 }
PrintableString { "IETF" }
}
}
SET {
SEQUENCE {
# commonName
OBJECT_IDENTIFIER { 2.5.4.3 }
PrintableString { "LAMPS WG" }
}
}
}
SEQUENCE {
SEQUENCE {
OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.4.3 }
}
BIT_STRING { `00` `4b94c29450111191823b3514c9ac1ea3d9825cc
b86393a2dfb04654fa2192d37bfad1c497c6502eee5ca80a73bfce0baf5a54a8
8585a401397a3d232f426a7afb082bc21a44317090eaac7592c2ea88a653c449
1ea193931335f52e989a3c4cc56d9c553732d57c470fb41ab759b65d2d044453
82fcd9c4e344a1128fa9e11e04358e192ed014b23232a7ee2b22e23717f44111
Turner, et al. Expires 6 August 2025 [Page 38]
�
Internet-Draft ML-KEM in Certificates February 2025
ee33575399c37646da9813ec9b212afe94e5dc5c2330a7294cc1f4234a6d3fbb
4f1685ab8892c04acb17cd1c170d7b0611b6a7176c794cc8c67f55fc923c2ad2
03100f365991882c30243d77813843b5ec7c964032263706092ecf00c7516be6
4e4598ca4226c069bb5e67e4175cf2286c8dd5c488a6c5861f31baa0bd026947
0e8b551dd3bcd38c86c12f9cdb176c77dc8b6c02a701f478902c8553f694c0d8
2727b4c4a5c2c1041212aa1274808b82111b377ec75214e9b1978f76004d4139
d98613f4b8e98d20af7b534073a509a959b7a7564f9b40ca218bf61829320a85
02017954d328d7ac6c769ec29700756e7b0685b340d5e118059504a49a9a50a1
0198eb10a5784678eb427d7b4babb9552933b062897973e1318eaf0a0eac3758
4a65401b1703e042accd837531483f241cadcd1c1d378119e694429db199ac89
1e4c5343757085bb3ae783667350c4458d97672e861e80b1d2679510ea3a6f23
60c77a46942c7a06a554d228080c84b47aef14db17620cb16c06ab30a1be4cda
7082be9f87e9c211c46916349a5ba8eaa5201c7294a3c0885b53b65745210882
5ec646c90a04612324ee7d031afe5343132cbef67b6efb1a5ec2809b773538ce
77b3d8b04eb0b3c2256011e4c716c19a8ba0752bf71492117649f0615c3290fc
29a46fde4bd52db9286d603388244259c15a7ac2b640a60cc03376a5841a3fb8
a473568fa9b1a267215f34c01697b0f0e627175d72105b7707c29b9e614bdc33
a6f6c818a95370b427882d7b476796a9ec6eb993274cd9b2391a82ba45e3393d
2e9ae9721ca9d6c1b988b5827713f90a6585de9433528c02b03ce10bb5f72013
8d0fbb4c30c1266b918e52925dfe17b37f95d22bca54f475919ac859098c0f0d
08ac5875ef29b56fd141e6ef15f700a0b66f39595c588177373c4669b21bc071
e4c3aa5f0b4a31b6258f35da24ac3cd29c7f2092410c5078355b138fb53a6b9a
e6e0b9c08243e7baa45c47376eb8c7f13d4cf51aa736fa31540c9241f370da54
4bf9f9c28d9a57e2f2a7ca95a4e4b466e641ab3bcc76adf1139d567a6f12b52f
3a65e7ec0aae26bcaa8c55833b04e59998ebc9a1930fbb6d2233c53d2c1f8b95
18e3c2de73a19dee6b380a5b32971cf64e129fd6c1fa6e75d4a234501e966dd3
a540af5c8f4f34a6b4a253ee28492566d5e67c6f55855fcb0506fb06c156744d
9a03a31a26fa94cad14f157b7f303d07a69c773768fcb4d079c09059703a0c3a
94de4b99ea3a2f16583d0f9170a3950db07b4f0bc30802927f9f7961b6259892
636a9502a2705303637799dd344da451c1cf7bf67840ceb3079ab8c6b8c1927f
64053c612450c45c9e603bc16666e596b3471e103b6f15447424d17022048111
ffbd37e1c670f64f14b8a7b32b94c1a49b45dd2fc38cd5289d910ad63602cf5e
13042c64ac6797b89fb551ad08e05a92d200cccb7e712ef23c9312cb350f029a
b537e287347fd3075ac10906a783f1c6c07ccb88f41228c4be1c640f790b5c3a
5d5d3ca792495d74bc461562658c07ac600276b924ab5bc9be1f0494cb76f82f
460a7480972663381e169996061d799859ec54d4f5ca5c411c01db1597b16597
7669de13a928a34afbac258fea8c4764239c9421dc3119bf5b47699206978327
b1c5345ef746a7983841f056e2534100ab24d4e9abbd0b17c6a95bd4c3c0e40f
69e1612aceeb28b99086c95116e7204273893390bf46b899b36286b0ebf1947b
b9884f732ca27da82b19b5dc0cc7f8885714910888b2310c4f9319d410b34e64
33b9003e2176bb995257456106e8952163b8ba592530cc5aa0aeb43ad398fe9e
97baa523d7a4431677c3d3af0719e475db85ca95af5089beabeb05b2faab4896
ba60f81c88472a57b46a828826a0cdfb446f8189182d2bf5eac4ec1cc5deaf59
9c8a13e48235406d17ffddc8344b6c66984a868aa92fa02227a086950eb0c870
1ed58dc628776b983882e1175` }
}
[3] {
SEQUENCE {
Turner, et al. Expires 6 August 2025 [Page 39]
�
Internet-Draft ML-KEM in Certificates February 2025
SEQUENCE {
# keyUsage
OBJECT_IDENTIFIER { 2.5.29.15 }
BOOLEAN { TRUE }
OCTET_STRING {
BIT_STRING { b`001` }
}
}
SEQUENCE {
# subjectKeyIdentifier
OBJECT_IDENTIFIER { 2.5.29.14 }
OCTET_STRING {
OCTET_STRING { `da82182c39ebdb350d904ee4bc507b72043f
fa23` }
}
}
SEQUENCE {
# authorityKeyIdentifier
OBJECT_IDENTIFIER { 2.5.29.35 }
OCTET_STRING {
SEQUENCE {
[0 PRIMITIVE] { `89886750b57c24db3fc012e61ede59753
337374f` }
}
}
}
}
}
}
SEQUENCE {
OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.3.19 }
}
BIT_STRING { `00` `74225bdfc7af660a19d5e3c84e80613d45140b98c2b
28c59f8b0a0f114ef20ac002cc4ac3d85d124bfe4caa9ac8b9029317839e12ff
1c83a70d15f167d89550c70252b85c7ab6082198947ae0896181c09345affde4
05faacd3dd435110a7658c10fbae57a6ef0442ee84fabdfdf4e0116c0ce4262f
7c8bde087c848c9cc54e52321ddd1fa1a3d704ae83dd4b54157f4212de6c38b1
5ee28e7bfab9772350464d652388a6e72b060a41b376a519b9a9ea058bef1347
3576fbe0786f7ea95f404503b198e68a610304355540f476f3195eba194ad1d7
d8caf73d5b448392cc509b6bcde81872b20bd6c708b7efb571574713559431c6
93b7519b674039db3f89624be1cbbf3363bcad66b122dca97de89ec8a6ebe824
231b35aa43994d602de988c3bd07297a431bd9a813e115e2db5d8737645864db
9d28cfb9be2c50e91d7d3eb9fe1244e5b9d440e8a3780dde140fa7dbac81841c
7e9acffd2a711a6c49d3719a1effed145fe91300804feb063e3606b13d782953
46fff82e238707b3da44eace58f25b250f50148c583c550948a85d8908f9da38
6c9a81d11e9b799accb274cb62829c5321aa9de819a5565c2d8b4b0c8e2ded17
29e25645bbaf5d0e1697cd4e22dc8b5fce9f8e897c6ce9c21bcdd5df0e0bdce9
a2cddf5276706d77abaffb54baa3112f35cb3bfa9c3a4cdffa12e51a44f862fe
Turner, et al. Expires 6 August 2025 [Page 40]
�
Internet-Draft ML-KEM in Certificates February 2025
362bf19a6996a25fb02394a0bb3a8492e3ac3e50326082c580ab57be9e6ba328
cb2af5ff499f1253a49132cc2f328de69e2fa8f11d01d379bc3013f20e189f43
2c44faaa2b4a57c9403b031f48486b9079b785f6b044b681081be6eae305c15b
1986da04372a272d3434b92d4652db79fce6967cb74d36217e9f5c3dc962d9f8
50c2448db4a1dfeb3a598dc0d6a1b4d1b2c92f872122af86f26040666d3f7b42
b16fe1fb635b566674defa98b4f1f2b045c3d311d1d72ca53c6d2e777b703ce7
5cbc70dac6b3474d1da0d01e371ba058038574b881e058ea2c331c67667c329c
0399b15113fe5d4806e8704bb826029b1d12e4eccff85658f9b0a19d1ef3d23f
1b4e5e1838e222687ca1d825bc7eb1ac225c35b4120d7b32d66bbb2bfb8af1e8
2d422b417627f21d60874430b88bf18c7ce702f4ab412e7c3a1cfc73d045ede1
0c3b58b1ec7744cafcde8b1923ea247fedefb4ca0bbf7089c72648a7c0e2eb94
ae6511d9e4a356fc31855860286d11db4ba55adfb2938f3cac83556c74ceb0a9
c21816f38c57f9af51527631b5d26b042ec0a54c8d87a26d3f27e794bd88bee6
71f9e2bcb825ed034ef3abda92cf194699d9100f855524224b42bd7999c14c8e
cbe1bcc92991e04e0d2d71dd77a995d9b54a50757c6ab92eb7a3494366cee4e6
22b1ed7b773f34f57f6cb9003408ad23c9f58b70ef54ee6c6a2d077f6f922ab0
beb1767e5ee7fc86bc6841e9de4eb1d4e51b39c43b1bb3d6fac13699d832fb61
5c4a5ca89855c37a7b7d6b21f5df957693ceff618c2d263b76ac531246882eb7
4d40b4a27f3a70b51365f9b3953d15799ebb2d6cb3f53acc767e544892499941
bb57a3ebfcabb0202cbb4dff1dea5731f6e1e0db81e17c944c6458838ac5d769
c7f1a87d12bdf76f889833acdfe4954f44f6dafbaa038d01d8023bc3fa0445f4
3e6deb83dc690240037f351d162ab6280ba52d4d6800f66d4be0d8962c644932
997b35c3e886f1a2c171a909a6a9b029acc57337296499c07e1540a298d1413c
86c72b251fed3529de195223f82ca64290dad08ec36ca481c86803cca7490bfc
5034ded7c6c1eb19bdcbe59c9603ecf22bc31096748156db803ac9a18a838c44
d4d3bda094162d13430d8e88c8e61ff63c3860d95c1b9c2c27922c6d47147241
8e3c7891c7d2074a23857b06f92968d050defdc00f7fc354964e81b67d44ab7d
448d844bec57917e02cf44710be0546b4836e9735961f17c219b7d51d9f043b7
e71406d3bef170418c84ccfd78d59047c19d40e2f2da4423365655f54f6929ae
427158e40511cfa5fb0538c4f8a875ba02bbfa56835c4f052ea1b16d97a0d859
3794feaae63777b980cd7be822a77914bc2280c5f2765e08309e1c00f5ee0e15
f5450a35a787695419e1e96fbd5c0f859bddad31a8229f9566b60826a96d5026
70bc1becc72e882f36470864cb4d0c166874a26912d52943d5ca65d5067ce3d9
c45e0dbe2993cfdb42eff4dd94aab8eb9be8f4d5ffc53b7a36f87d75dae93116
41ad926a8ef38aa6085137f0a0fccd7efcf878b14c3f08fb5129c15def2657e3
0e80bda770aedaa1b388c9f3f06a5e48100039a2f3e663add3d49406740a2e98
a4ceecd3956f9851fdf5eadb93ab59fefb0dfdef94d762e67d460bb5055cdd85
749e30265dd7f26cb92f7b153adcc058a300a812dba8d70a14ac4cbdb608ea00
53efd566f5fe0b8301847fd945414937cac3ffb90170511186825ccf3781a622
b3473cdc79c816d453be2443c77928e6263f4f52ea0cb155dd7b9dabba8b8064
c7003af479c84bb4435df83b9059eb9cdbe4d3248715b6bc6262d32b89f91c43
b62914a86b222332ae63ec2bd36596a0fde98bddd49d16c36c9ea25c95497944
89a55e0e719ef9dfe71fa55dcc7b219ddf05abb7c84d34d42e16fa58e587d133
691a93b74bd3d89b89fcc9f8891c2cfdaec261d5f7f8b14836cae090e2706e05
0e159186fcb4a15ded4e8cfc5b5671344cc977e50a82ead63263ee7b96a6f570
1737f993e64dc43bc8e7877c6021748eda61157c1aab769f1f19c2e842251bae
c561988dba71f52b5b6d5792990c90383a1451e5ef051ec38c5a8a551cf70971
56d23f123112625c293ca506f727e71bc80d80b9726406590862cc0b5601f635
Turner, et al. Expires 6 August 2025 [Page 41]
�
Internet-Draft ML-KEM in Certificates February 2025
3de89db9e13bad186e4522bfb77c000464b6ed551c3a495abe4980c490d39939
6f6aea283d023c75a985aa4517210304449e2cb9a75075977f468d97b56b62b5
d8473117cd41837fad725096c1c3d8132cc0c2f1618797f34fb61e7b699d40a3
f201f08af7cf6bd7001a8acf707293c9251b311adfbb62b2dfac66337cec384a
1a3014728960a0e9fc17da7e480c272d52cc841a3e622169bb9870008820cd88
42f9f807d7b3b3f26f1210bfa8e8b52802d95e3193d00a06d26fcf02bc164f1c
13dade5ebea8570e442ada7e447b78a5940427097a34b352f6a9d958aa0d29de
acb1e5d1ca692af2f407d25ffbe0cee510112a14cb74b04a087b1f19558987e7
2978f1dd30cd0acdac792b8e918db2ab2b4bfba83e681df1d0388e91577a09fd
25ee66be4746a8c7832eaabb1c24b29e70d62977db891da10f95cda54735b77b
3b29e093c84cd510b6fc757213ff31263959531328971fc3e3ad05a6e5ddc72b
9883b678eac1cdbf5a373bbb1188e15725f387f7055be87e0f028dd3f242b51c
049a0387d7ab5963e0d195e1e483d1bc43349bfeeeecb06d44d32b3cb939b178
b3056091f407b51906a176704939081a71b0f9bc0ec0e188cf65b44f86195706
c7b3a802867edc0909ea526ac51fec199f9e2a6391435fd6721ac3f6ab179be7
387b1ad671e135a3704904a24d8ed98c2fb5e4b16143ccff9964a25e5e772f5e
e64b9af18284105b9ed380a0859bf7ed13909e1e7efec345668a0d4f33fb88f0
dc62e3cc6120a96e8c2b55a451c6eec0dfe20adfb9fd82407d34c5d3e315e2ce
fefd7b2de03bdc6b93ed9a6bc1930b82445ccdc452388b221950fc614b93ac4f
8b4cbdfdd5f8b71991cc68ba0c4ca2eb27e9a20db1868e7acd4a87676a9c2819
84cab2b377df499837b7462c3d0b42dc8b74b328fd43bcd424b437ab9b94e4ca
125b3909796397e3924b098d4744bd6386cac247c7b1a55194463f2b57813b97
28467aa0c39b5edebefe5405741e35d7b76c6a63dd97e217c9cf45c60c0c0b26
8408fef60aebc9c02351acf108c6544901a30f6216a5825b6a186166f2f0e1c8
a81f6c0ca122f3ab907ebfee8398f15ffd492e97b512190fc5a92ecc482a107e
b29bed1520379a480b3b0f95c78e82b55fbdd5fe6b25d1dc0c0a8e325fca79b1
dbb748132a2227731e080944b739c4e6179304852c70047a9319e176bbac3ada
1f63969a7e2439b7e2187d035807dcec2c9c119c04cc5be87db7897346619632
5b29de225b904ef453d029caadaf21826f0e3635cae8537c0597a9c412f506ee
d34081f5898516e4b9d0cc8126e9e21ffe2694cfa4b84514f4e3609e93c6165a
992101fe24a34d2cc8b3d5a4f3f14993298f6ad42a6c8e88fc4bb47795844d50
1de512f58aa48c41fd5b7d60ebc97323fd4ec0800f997f3fd16d9e8677005d9c
dcbdaa8a9f7b151749ed7d8eb37b172f9162a7427b72ad58a4e9f7a2902443ca
6e4282ec46cef95e069e0f545f64309fa56d14c282fbbeac0bbbd2c9bb1d1624
6edbd443374091d21060d1986b9021f7ecbfa08d2fcb50b8633e5ce43e172cde
a5a261cbfcdfded80e913f009ae22e417550c1bad2c10225e0f102de89c8a43c
bc669f354975585ab7fd958160cf9ab5b684e7c78246be4b89ae3947311e42cb
2b3e2f232e07e9a533b529e3a1de4fff4dc9ad03a6f2a881ce139803db7338ac
4d3a7f12c655a5247853f2f6fb297de94fd74a996a9f4cf9f98189674fcadec6
e74991c5f4a58426f5c2cd29385d440c0ffeded893d7afb7aaa1ee0ffffc9319
8ca3081ed3c4fa62f99bfc6206318d880d49915e7fbe5e79b56a911a824cbf4a
a070fbccf482af50c93ae71da08c7e68b357ee579d818153a973085b2c91261c
6e3077f204a3d1ab5bbac51462f8bf250d871c57b2602c7e162ca12451fecdc6
957d45c0f0f1a94c3e552d9db9508762f28306c65a2cf12b82de9f0da9472995
539c8dad546347ddf169026042e55f08abcb61ccae1f44adb217c9c63f81d849
636a41cd8fe68841f30bc4a1fa468e2b4174daa5ba390131c36c2cf3e4f599d4
990dff7abcc5c37e1bd234cc501aec7e579a1b629fd52f421ba6148942e83284
61f1c3d24abbda182c5f371f4cfd691a23c26f0ec10bd7d012058aaeddb395d9
Turner, et al. Expires 6 August 2025 [Page 42]
�
Internet-Draft ML-KEM in Certificates February 2025
b0aeb4f81b7cf05dd42e8df1f34dcc9ee13d2540ab3f7cd13b5f9a02be763e0d
aa1130e40695c72e3ef48546b7a2616004fc17ffc04cac5f01ee389c3d418fc5
0637eb1e630124edd29a09def4df23fa08dbbde38ee4ff7c64bedc1cc2d2f8d0
aaa6cdaebdd7707ae07bd0d868d268e74802468fab5002cbed8e23e4b5908bce
4ca05e98717728c25fd36fb565d021c09e2e2529c60e2b954fcb2f1ccefbf458
0850c6633a6744f1d23b8e944ab30ddcce0b9c1b6aff10f61155ad41f1c41df6
2abc5f0d7f09eec26e044e02a99f6e832ea43800f90115f4d7f6680c2a41312c
eb21b9b1a3ada0d88250b5f0366875f113d685984aaa6be85cfc6767267656c3
778e5705076586e659e07feafffdddf6417f29b464079844d7c48bcc9911b6a7
64d2ecf02d8714f8e5236c6cbe63350172b232505939461981a33464091edaa1
9a2230a54202a093729867d8124ae0f3840aa3bf8d757c5915dec7000c3d31d4
a5d6dbe42d7fae885ce5fb677f77e4af0311c3dea0e2b60ffdd2d5032c0a00c6
66983b7966172913b8950c5492e191abe9dcb0b64392be9a07afaa59f0e21fac
c36958d1aed154b2e71dcebf1558bfb02fd29aed6ef2ed35f51dee9f1f1f6a5b
94b6ab11be5c408ed1f57de41d200a72e45169e66f2df88c697b5422a414cddc
06be8376e9874856c3bbbd2603ce8dad252090c3c86c16872bf8882b08235392
2a11dd2e7dd4df804243c9d36360cfaafa23a512a0eee3d59d23e96c074b9df4
94dd9fb1e1e4198992ca43c2f070e9d4ebe27c4b632779ba23e2df1c8696e56c
5a97117d860f28c4e897df20012d65a9fc6c9cae0fd94d260af8ada7b2b76aea
44b9a9a18d449a4e474a2a088ec8144eef7615e329fdb6163fa15cfeb5c7a189
79c51e64516e01b6207ee7dd87fd7749ccf1c9431da48f34b8821d4d1f9b34c8
434c3966136abd0725e719b61e0117748d0f312559c3af1969cc423fdfa641e0
02af9aa976b65027783ff15a1175543aec72faf9c7c1eaaa8a0a7f9960f5f7e0
e24f2bfb5847bea3f02898772d2f28a0185951db3b37c8b5d2c0d9c327a60036
980c944b29c12dd3a0cecf6dc542f6f0df8ca84674086f7554f596bec85347d8
78c569a44e87928292ead6eca246fdaad6efb6f5827f323adf8daa9bb056ebf4
a2644c7f4a5fc3cc5f2a03778b1ccd31151da4bc7b27fb9001e6e732d9938917
65bd5eec1849404fa11ae674858a4180bcfcc0f93ed64ca94a041af1e5ea3169
7db3baf913fa35a92903eab84e5e31b8337278aa8e743f7e5dd13769c591febf
89b1e8ab7066810c39298c1125718819b8b7ea2abc75f86e62eadea05a8a5c36
d2e655cb805af1d54fce7838890d214a2a7e7112383adccdbdc2e648c9db7d1d
7f8575e7aa8c6c9070c1c245b737f939bc8edf272777f90d820229e000000000
000000000000000000000000000000000000000000004080f171d292e31` }
}
Acknowledgments
TODO acknowledge.
Authors' Addresses
Sean Turner
sn3rd
Email: sean@sn3rd.com
Panos Kampanakis
AWS
Turner, et al. Expires 6 August 2025 [Page 43]
�
Internet-Draft ML-KEM in Certificates February 2025
Email: kpanos@amazon.com
Jake Massimo
AWS
Email: jakemas@amazon.com
Bas Westerbaan
Cloudflare
Email: bas@westerbaan.name
Turner, et al. Expires 6 August 2025 [Page 44]