7. Security Considerations
The security considerations of RFC 7515, RFC 7517, and RFC 9053 apply. ML-DSA security analysis is out of scope and is provided by FIPS 204.
A seed and a private key expanded from that seed require equivalent protection. Compromise of either enables signature forgery. RFC 9964 does not support HashML-DSA; future support would require additional algorithm registrations.
When an AKP algorithm requires or recommends key validation before use, all algorithm-related key parameters MUST be validated. For the ML-DSA algorithms registered here, priv is the seed, so the seed length check MUST be performed. When priv is expanded with KeyGen_internal, the skEncode and skDecode algorithms MUST be used.
AKP public and private information class parameters can be tampered with or mismatched. The outcome can range from operation failure to private key compromise, so implementations must validate that alg, pub, priv, and related parameters match.