Last Call Review of draft-ietf-lamps-x509-shbs-08
review-ietf-lamps-x509-shbs-08-secdir-lc-nystrom-2024-10-24-00

Hi, I did not find any serious issues with this document but have the following
observations and questions:

a) The title is "Algorithm Identifiers for HSS and XMSS," however, the document
contains more than that - it contains usage recommendations and as such, I
think a title more similar to the title of RFC 8708 ("Use of the HSS/LMS
Hash-Based Signature Algorithm in [...]") would be better and more descriptive.
b) There is an OID under the old "rsadsi" PKCS #9 OID tree used here (though
not defined here). Did RSA (later EMC, later Dell, ...) transfer the ownership
/ maintenance of that OID tree to the IETF? I should know, since I was the
editor of the RFC version of PKCS #9, but it has been too long and I have
forgotten ... but just wanted to check such that there is no risk of
duplicative assignments. c) I don't know that there is a need to have the
essentially duplicative sections for "Algorithm Identifiers" and "Signature
Algorithms" as they specify the same OIDs. Or, alternatively, to be more
strict, the "Algorithm Identifiers" section could (or should?) specify "true"
ASN.1 Algorithm Identifiers (i.e., using the X.509 "ALGORITHM" class and, e.g.,
the common AlgorithmIdentifier type from PKCS #10 - see the ASN.1 module of RFC
2986.) d) I wonder, for completeness, if a Lamport signature scheme should be
defined like this too?