[Breaking change]: Update Composite ML-DSA to draft 8 #48901
Description
[Breaking change]: Update Composite ML-DSA to draft-08
Description
CompositeMLDsa has moved from draft-07 to draft-08 of the Composite ML-DSA for use in X.509 Public Key Infrastructure specification.
The draft-08 format is not compatible with the draft-07 signatures, and key export/import formats are also incompatible across the draft-07/draft-08 boundary.
Version
This breaking change was introduced between .NET 10 RC2 and .NET 10.0.0.
Previous behavior
Signatures were generated and validated according to draft-07 of Composite ML-DSA for use in X.509 Public Key Infrastructure.
Public key and private key export and import used the format from draft-07 of Composite ML-DSA for use in X.509 Public Key Infrastructure.
New behavior
Signatures were generated and validated according to draft-08 of Composite ML-DSA for use in X.509 Public Key Infrastructure.
Public key and private key export and import used the format from draft-08 of Composite ML-DSA for use in X.509 Public Key Infrastructure.
draft-08 and draft-09 are compatible
Type of breaking change
- Behavioral change: Signatures generated with earlier versions of .NET 10 will cause
VerifyDatato always return false. Signatures generated with .NET 10 will likewise fail to verify for .NET 10 Preview and .NET 10 RC releases. - Behavioral change: Keys that were generated with earlier versions and exported may not import in .NET 10.0.0. Similarly, keys generated and exported in .NET 10.0.0 may not import in previous versions.
Reason for change
Staying current with the underlying specification.
Recommended action
The CompositeMLDsa class is marked as [Experimental], in part, because the specification is not yet complete.
Developers should not yet be depending on this class in production.
Any previously generated keys and signatures should be discarded.
Affected APIs
The following APIs are affected by this change:
System.Security.Cryptography.CompositeMLDsa