Paul Hoffman wrote:
>
> At 12:05 AM +0200 4/22/10, Martin Rex wrote:
> >The IESG wrote:
> >>
> >> The IESG has received a request from an individual submitter to consider
> >> the following document:
> >>
> >> - 'Additional Random Extension to TLS '
> >>   <draft-hoffman-tls-additional-random-ext-01.txt> as a Proposed Standard
> >
> >
> >I'm somewhat confused to see a Last Call for this proposal.
> >
> >We had a discussion on this document on the TLS WG mailing list and
> >determined that this proposal is completely unable to achieve
> >the stated goal. This extension is completely bogus.
>
> You came to that conclusion; many other folks disagreed. You stated
> that you thought it was not useful in some environments, namely with
> RSA authentication where the client has a broken PRNG. If that is the
> only environment you care about, then this extension is not useful.
> TLS is used in many other environments, of course.

Well, I'm sorry. There was not a single technical argument against
the determination that this extension is completely bogus in the discussion.

It is simply impossible to make up for the lack of entropy
(= secret randomness) with the addition of any amount of published
randomness, such as this extension suggests.

Get a cryptographer to make a convincing case for the value
of this extension in TLS, otherwise this extension should *NOT*
be standardized by the IETF.

-Martin