ietf
[Top] [All Lists]

Re: [TLS] Last Call: draft-hoffman-tls-additional-random-ext (Additional Random

2010-04-27 13:15:34
On Mon, Apr 26, 2010 at 05:10:35PM -0500, Marsh Ray wrote:
On 4/26/2010 4:36 PM, Nicolas Williams wrote:
Ah!  Perhaps what's happening here is that Paul intends for the
additional random inputs to be provided by the _application_, from
outside the TLS implementation.  In that case an application could make
secure use of TLS even when the underlying TLS implementation has a poor
[P]RNG.  That would make draft-hoffman-tls-additional-random-ext much
more interesting (combined with some editing I'd drop my objections).

But that facility could be provided by the implementation API without
any need to extend the TLS protocol. Indeed, OpenSSL provides a function
to contribute entropy into its RNG.

There is a lot of inertia in installed base.  If there are
implementations that allow for arbitrary extensions then Paul would have
acase.  However, I suspect there are not; unless I'm missing something
then I agree with this:

Thus I do not think draft-hoffman-tls-additional-random-ext should be
advanced as a standard.

Nico
-- 
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf