On Mon, Apr 26, 2010 at 05:10:35PM -0500, Marsh Ray wrote:
> On 4/26/2010 4:36 PM, Nicolas Williams wrote:
> > Ah! Perhaps what's happening here is that Paul intends for the
> > additional random inputs to be provided by the _application_, from
> > outside the TLS implementation. In that case an application could make
> > secure use of TLS even when the underlying TLS implementation has a poor
> > [P]RNG. That would make draft-hoffman-tls-additional-random-ext much
> > more interesting (combined with some editing I'd drop my objections).
>
> But that facility could be provided by the implementation API without
> any need to extend the TLS protocol. Indeed, OpenSSL provides a function
> to contribute entropy into its RNG.

There is a lot of inertia in installed base. If there are
implementations that allow for arbitrary extensions then Paul would have
a case. However, I suspect there are not; unless I'm missing something
then I agree with this:

> Thus I do not think draft-hoffman-tls-additional-random-ext should be
> advanced as a standard.

Nico
--