On 4/26/2010 4:36 PM, Nicolas Williams wrote: > On Mon, Apr 26, 2010 at 04:18:33PM -0500, Marsh Ray wrote: >> Taking ietf@xxxxxxxx off of CC list as this seems to be very TLS specific. > > This is an IETF LC, not a WG LC; IETF LC comments should be sent to > ietf@xxxxxxxxx If anything, we might want to drop tls@xxxxxxxxx That makes sense. > Thus ISTM that we should first consider either whether the client_random > and server_random fields are sufficient _assuming_ compliant [P]RNGs or > consider how draft-hoffman-tls-additional-random-ext can ameliorate TLS > implementations that have poor [P]RNGs. I think the current space in the protocol of 224-256 bits in each direction is sufficient. Well-known techniques exist for compressing whatever format of entropy is available into that space. > Ah! Perhaps what's happening here is that Paul intends for the > additional random inputs to be provided by the _application_, from > outside the TLS implementation. In that case an application could make > secure use of TLS even when the underlying TLS implementation has a poor > [P]RNG. That would make draft-hoffman-tls-additional-random-ext much > more interesting (combined with some editing I'd drop my objections). But that facility could be provided by the implementation API without any need to extend the TLS protocol. Indeed, OpenSSL provides a function to contribute entropy into its RNG. Thus I do not think draft-hoffman-tls-additional-random-ext should be advanced as a standard. - Marsh _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf