René Meusel

> We should be able to do better here. A couple of options that come to mind off the top of my head Apart from (or additionally to) a raw-signing...

On that note we should probably update this guidance on using `auto` somewhat: https://github.com/randombit/botan/blob/cc835ca8c4d82a515e83a17256177dafe980464a/doc/dev_ref/contributing.rst?plain=1#L218-L220 ... probably better to extend to something like "... truly obvious or not particularly relevant to...

Re: excessive support of PQ/Hybrid curves: I agree, that zoo is just way too big and should be pruned. I feel, right now it's really just guesswork on what combination...

Zooming out a bit: Perhaps this could be answered in the context of #4318. Essentially, for C++ we're experimenting with a new builder-style API to configure the public key operations....

Some initial idea: https://github.com/randombit/botan/pull/4318#issuecomment-2451487304 The linked API suggestion is very much a work in progress. Feel free to join the discussion.

> @atreiber94 I added you as a co-author since I copied half of your code from https://github.com/randombit/botan/pull/4062. GitHub doesn't seemt to recognize Amos' co-authorship. I'm guessing, because you missed a...

Appendix D.3 lists a few minor changes in the truncation of certain hash values. Those should be simple changes. Also, there's now a domain separation in the hashing of the...

> So I would ask to add the pre-hash variant, as that is what we need for using it in Thunderbird (via RNP, which uses Botan) With the new public...

Just [like ML-KEM](https://github.com/randombit/botan/pull/3893#issuecomment-2349229966), ML-DSA now exclusively uses the private seeds (`xi` - 32 bytes) as the private key's storage format. The expanded key format _**is not supported**_ for ML-DSA. This...

@randombit This is now ready for final review. It would be amazing to have this merged before the 3.6.0 release. Please let us know if we can help in some...