Paul Hoffman <paul(_dot_)hoffman(_at_)vpnc(_dot_)org> writes:
At 12:05 AM +0200 4/22/10, Martin Rex wrote:
The IESG wrote:
The IESG has received a request from an individual submitter to consider
the following document:
- 'Additional Random Extension to TLS '
<draft-hoffman-tls-additional-random-ext-01.txt> as a Proposed Standard
I'm somewhat confused to see a Last Call for this proposal.
We had a discussion on this document on the TLS WG mailing list and
determined that this proposal is completely unable to achieve
the stated goal. This extension is completely bogus.
You came to that conclusion; many other folks disagreed. You stated
that you thought it was not useful in some environments, namely with
RSA authentication where the client has a broken PRNG. If that is the
only environment you care about, then this extension is not
useful. TLS is used in many other environments, of course.
In which environments is the extension useful?
The only motivation in the document that I can find is this:
In some application environments, it is desirable to have the client
and/or the server be able to input more random material in the master
key calculation than is allowed by the fixed-length Random value.
I believe more justification than that is required for Proposed
Standard.
In particular, what I'd like to see is references to some application
environments where the extension is desirable, and the rationale why it
is desirable in that environment.
Without a rationale for when the extension is useful, it is impossible
for implementers to know when use of this extension is warranted or not.
/Simon
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf