Hi again. It appears that people have a hard time with the additional random
extension because it has limited applicability but I cannot fully state what
that is. The purpose here is to help fix problems that shouldn't happen, and to
be harmless when the bad situation doesn't happen. This has led some people to
think that an implementer will therefore feel free to code more carelessly. I
have a higher respect for TLS implementers, but maybe I shouldn't.
I am not sure that I can convince people of what seems like an obvious fact:
the PRNG on a system might fail in a way that the TLS implementation cannot
detect. If it could detect the failure, of course it should shut down,
screaming. But lots of PRNG failures seem undetectable to the implementation
but possibly detectable to an attacker. Remedying that was the motivation for
these drafts. If that problem is not of interest, or is considered to induce
developers to do a worse job, I can see why people would not want these drafts
to move forwards.
I still believe that this extension itself is harmless in all cases, and
helpful in limited ones; I have not seen anyone directly prove otherwise.
Having said that, I'm of course willing to go along with IETF consensus if
people think that the mere standardization of this extension will somehow
weaken existing implementations.
--Paul Hoffman, Director
--VPN Consortium
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
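An added illustration of the argument in the message above (example code, not from the thread, the drafts or any TLS implementation): two output health checks a TLS stack could run pass equally for a properly seeded source and for a constructed source seeded from a 15-bit value, yet the set of handshake randoms the weak source can ever emit is only 2^15. `SEED_BITS`, the sequential-pid seeding model and all function names are assumptions made for this example.

```python
import os
import random
from collections import Counter
from math import log2, sqrt

SEED_BITS = 15  # constructed failure: the seed is a 15-bit process id (assumption)


def repetition_check(blocks: list[bytes]) -> bool:
    """Continuous test a TLS stack can run locally: no two consecutive outputs identical."""
    return all(a != b for a, b in zip(blocks, blocks[1:]))


def byte_frequency_check(data: bytes, z_max: float = 5.0) -> bool:
    """Crude uniformity test: every byte value's count stays within z_max
    standard deviations of what a uniform source would produce."""
    n = len(data)
    expected, sigma = n / 256, sqrt(n * (1 / 256) * (255 / 256))
    counts = Counter(data)
    return all(abs(counts.get(b, 0) - expected) <= z_max * sigma for b in range(256))


def health_checks_pass(blocks: list[bytes]) -> bool:
    """Everything the implementation itself can see: both checks on its own output."""
    return repetition_check(blocks) and byte_frequency_check(b"".join(blocks))


def good_randoms(n: int) -> list[bytes]:
    """32-byte handshake randoms drawn from the OS CSPRNG."""
    return [os.urandom(32) for _ in range(n)]


def weak_random(seed: int) -> bytes:
    """Constructed broken source: a PRNG whose only entropy is a small integer seed."""
    return random.Random(seed).getrandbits(256).to_bytes(32, "big")


def weak_randoms(n: int, first_pid: int = 4000) -> list[bytes]:
    """Model (assumed) of a server seeding each connection's PRNG from a sequential worker pid."""
    return [weak_random((first_pid + i) % (1 << SEED_BITS)) for i in range(n)]


def weak_value_space() -> set[bytes]:
    """Defender-side measurement of the flaw: every value the broken source can ever emit."""
    return {weak_random(s) for s in range(1 << SEED_BITS)}


def effective_entropy_bits(values: set[bytes]) -> float:
    """log2 of the number of distinct outputs, i.e. the real entropy behind a 256-bit random."""
    return log2(len(values))
```

Both sources pass `health_checks_pass`, so the implementation has nothing to shut down over, while `weak_value_space()` shows the whole output space is 32768 values.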