The "X.509 Requirements" section states:
Each certificate MUST include:
...
- Public key information encoded for ML-DSA-87.
However, the "Algorithm Restrictions" section states:
- ML-DSA-44 and ML-DSA-65 MAY be used for Subordinate CA or leaf certificates.
Read literally, the first requirement would forbid ML-DSA-44 and ML-DSA-65 subject keys in any certificate of the hierarchy, which the second provision explicitly permits for Subordinate CA and leaf certificates.
I would suggest rewording the bullet to something like "Public key information encoded for the ML-DSA parameter set used", or alternatively scoping it to root certificates only.
The "X.509 Requirements" section states:
However, the "Algorithm Restrictions" section states:
Read literally, the first requirement would forbid ML-DSA-44 and ML-DSA-65 subject keys in any certificate of the hierarchy, which the second provision explicitly permits for Subordinate CA and leaf certificates.
I would suggest rewording the bullet to something like "Public key information encoded for the ML-DSA parameter set used", or alternatively scoping it to root certificates only.