First of all, sorry for posing a more practical question; if this is the wrong sub, please direct me to another one. The FIPS 204 document mentions that applications may use the context string or leave it empty. But what are the proper use cases for this string, and are there any caveats for using it (except that it needs to be up to 255 bytes)? Can using a non-empty string create incompatibilities?
I wasn't following the development of ML-DSA and the NIST process, so I'm a bit unsure about the proper use/purpose of context in this signature scheme.
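As an added illustration (not part of the post above), the following Python shows what the context string actually does on the wire in FIPS 204: it is folded into the signed message as M' = 0x00 || len(ctx) || ctx || M (Algorithm 2, pure ML-DSA), so signer and verifier must agree on it byte for byte. The lattice signature itself is replaced here by an HMAC-SHA256 stand-in, because the point is the M' framing and the resulting sign/verify mismatch, not the signature math; the key, message and context values are constructed for the demo.

```python
import hashlib
import hmac
import os

# Added example, not code from the original post. The real ML-DSA signature is
# replaced by an HMAC-SHA256 stand-in; only the M' framing is the real
# FIPS 204 construction.

MAX_CTX_LEN = 255  # ctx length is encoded in a single byte, hence the 255-byte cap


def format_message(ctx: bytes, msg: bytes) -> bytes:
    """Build M' = 0x00 || len(ctx) || ctx || M as in FIPS 204 pure ML-DSA.

    The leading byte is a domain separator (0 for pure ML-DSA, 1 for the
    pre-hash variant), so the two variants can never produce the same M'.
    """
    if len(ctx) > MAX_CTX_LEN:
        raise ValueError(f"context string longer than {MAX_CTX_LEN} bytes")
    return b"\x00" + bytes([len(ctx)]) + ctx + msg


def sign(key: bytes, msg: bytes, ctx: bytes = b"") -> bytes:
    """Stand-in for ML-DSA.Sign(sk, M, ctx): what gets signed is M', not M."""
    return hmac.new(key, format_message(ctx, msg), hashlib.sha256).digest()


def verify(key: bytes, msg: bytes, sig: bytes, ctx: bytes = b"") -> bool:
    """Stand-in for ML-DSA.Verify(pk, M, sig, ctx): M' is rebuilt with the verifier's ctx."""
    try:
        expected = sign(key, msg, ctx)
    except ValueError:
        return False  # an over-long ctx is rejected, not silently truncated
    return hmac.compare_digest(expected, sig)


def demo() -> dict:
    """Sign under one context and try to verify under several others."""
    key = os.urandom(32)  # constructed stand-in for the ML-DSA key pair
    msg = b"transfer 100 to alice"  # constructed sample message
    sig = sign(key, msg, ctx=b"payments-v1")
    return {
        "same_ctx": verify(key, msg, sig, ctx=b"payments-v1"),
        "other_ctx": verify(key, msg, sig, ctx=b"payments-v2"),
        "empty_ctx": verify(key, msg, sig, ctx=b""),
        "too_long": verify(key, msg, sig, ctx=b"x" * 256),
    }


if __name__ == "__main__":
    print(demo())
```

The context behaves as a domain separator: a signature produced for one protocol or application cannot be replayed under another context, and a verifier that uses a different context (including the empty one) rejects it. That is also the compatibility caveat: once a context is chosen it is part of the protocol definition, and every verifier has to be told the exact bytes out of band. Note that even an empty context still contributes the two-byte 0x00 0x00 prefix to M'.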
So, the encryption of larger chunks of data (not keys) is still expected to be done with symmetric algos like AES? Because AES is still expected to be resistant to QC attacks, but things like RSA are not, so the new algos just replace the asymmetric part? Just like you wouldn't usually directly encrypt data like a file with RSA, you won't use the new PQC algos to encrypt a file, but use them to exchange/protect keys?