Andrew Thoelke

Rebased to sync with **main**.

Yes, this is certainly something that we could add for the next update to the specification. Based on my understanding of the specifications, for the AEAD algorithms: * We would...

> > * `PSA_HASH_LENGTH()` would report 32 (bytes), and `PSA_HASH_BLOCK_LENGTH()` would report 8 (bytes), for both of these algorithms. > > One correction: `PSA_HASH_BLOCK_LENGTH()` would be 8 for Ascon-Hash and...

Given the status of the NIST standardization, where Ascon has been selected but the details of the NIST standard have not yet been published, it would be preferable to delay...

Update following the LWC conference in June. The [conference website](https://csrc.nist.gov/Events/2023/lightweight-cryptography-workshop-2023) has links for all of the presentations over the two days. The final three are specifically relevant to understanding what...

These key formats provide key type and size information, but can vary in the key policy attributes that are encoded. An API to import the data as a key would...

API definition work for this use case is proceeding in Mbed TLS. A draft of the API is proposed in https://github.com/Mbed-TLS/mbedtls/pull/7910.

I'm not sure if the 'Key format' and 'Key derivation' sections might benefit from some boilerplate text to indicate the sub-section's relevance to `psa_import_key()`/`psa_export_key()` and `psa_key_derivation_ouput_key()` respectively? E.g. instead of:...

Rebased after #177 merged (with minor fixes)

Note also that the API naming is 'the best idea so far', and is not fixed until we issue the 1.2 specification. If you have suggestions for better/different names or...