Paul Hoffman <paul.hoffman@xxxxxxxx> writes: > At 12:51 AM +0200 4/22/10, Simon Josefsson wrote: >>In which environments is the extension useful? >> >>The only motivation in the document that I can find is this: >> >> In some application environments, it is desirable to have the client >> and/or the server be able to input more random material in the master >> key calculation than is allowed by the fixed-length Random value. >> >>I believe more justification than that is required for Proposed >>Standard. >> >>In particular, what I'd like to see is references to some application >>environments where the extension is desirable, and the rationale why it >>is desirable in that environment. >> >>Without a rationale for when the extension is useful, it is impossible >>for implementers to know when use of this extension is warranted or not. > > The environment I described in the earlier thread is TLS with > Diffie-Hellman. I thought that saying that was sufficient, but I guess > it wasn't. People shouldn't have to read the mailing list to understand the applicability, so please describe some environments in the document. > In Diffie-Hellman key establishment with static keys, even if the PRNG > of one side is bad, the resulting pre-master secret is still sound. > Neither side knows whether or not the PRNG of the other side is bad, so > each side wants to supply sufficient randomness for the master secret > even if the other side's PRNG is bad. If a side with a bad PRNG adds its > own input, it doesn't hurt the randomness of the result, but a side with > a good PRNG can bring up the amount of randomness. Are you saying that the 28 bytes of randomness provided in the client and server hello is not sufficient? > I did not want to list this as the justification because there may be > other reasons to use the extension, and I don't want readers to think > that this is the only one. For example, future types of TLS key > establishment might have similar properties as static-static > Diffie-Hellman. > > Does that help? This information certainly helps, but it belongs in the document. /Simon _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf