ietf

Re: [TLS] Last Call: draft-hoffman-tls-additional-random-ext (Additional Random

2010-04-27 13:18:53
On 4/26/2010 4:36 PM, Nicolas Williams wrote:
> On Mon, Apr 26, 2010 at 04:18:33PM -0500, Marsh Ray wrote:
>> Taking ietf@ietf.org off of CC list as this seems to be very TLS
>> specific.
>
> This is an IETF LC, not a WG LC; IETF LC comments should be sent to
> ietf@ietf.org.  If anything, we might want to drop tls@ietf.org.

That makes sense.

> Thus ISTM that we should first consider either whether the client_random
> and server_random fields are sufficient _assuming_ compliant [P]RNGs or
> consider how draft-hoffman-tls-additional-random-ext can ameliorate TLS
> implementations that have poor [P]RNGs.

I think the current space in the protocol of 224-256 bits in each
direction is sufficient. Well-known techniques exist for compressing
whatever format of entropy is available into that space.

> Ah!  Perhaps what's happening here is that Paul intends for the
> additional random inputs to be provided by the _application_, from
> outside the TLS implementation.  In that case an application could make
> secure use of TLS even when the underlying TLS implementation has a poor
> [P]RNG.  That would make draft-hoffman-tls-additional-random-ext much
> more interesting (combined with some editing I'd drop my objections).

But that facility could be provided by the implementation API without
any need to extend the TLS protocol. Indeed, OpenSSL provides a function
to contribute entropy into its RNG.

Thus I do not think draft-hoffman-tls-additional-random-ext should be
advanced as a standard.

- Marsh
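As an added illustration of the point made above, not code from this thread or from OpenSSL: an application can mix its own entropy into the 32-byte random field at the implementation's API, with no protocol extension (OpenSSL's hook for this is RAND_add, which feeds the library RNG rather than the field directly). The HMAC-SHA256 extractor, the WeakRng stand-in and all function names are assumptions of the example.

```python
import hashlib
import hmac
import os

RANDOM_LEN = 32  # size of the TLS client_random / server_random field in bytes


def mix_random(impl_rng_bytes: bytes, app_entropy: bytes,
               label: bytes = b"tls client_random") -> bytes:
    """Compress two entropy sources into one 32-byte random field.

    HKDF-style extract-then-expand with HMAC-SHA256 (assumed construction):
    the application-supplied entropy acts as the salt and the implementation's
    own RNG output as the keying material, so the result is unpredictable as
    long as at least one of the two inputs is.
    """
    prk = hmac.new(app_entropy, impl_rng_bytes, hashlib.sha256).digest()
    return hmac.new(prk, label + b"\x01", hashlib.sha256).digest()[:RANDOM_LEN]


class WeakRng:
    """Constructed stand-in for a broken TLS-library PRNG: fixed output."""

    def random_bytes(self, n: int) -> bytes:
        return bytes(n)  # always zeros, the worst case


def client_random(rng, app_entropy: bytes) -> bytes:
    """What an API-level hook would produce for a handshake's client_random."""
    return mix_random(rng.random_bytes(RANDOM_LEN), app_entropy)


def weak_rng_is_rescued() -> bool:
    """Two handshakes on the broken PRNG still get distinct randoms when the
    application feeds in fresh entropy each time."""
    rng = WeakRng()
    r1 = client_random(rng, os.urandom(32))
    r2 = client_random(rng, os.urandom(32))
    return r1 != r2 and len(r1) == RANDOM_LEN


if __name__ == "__main__":
    print("weak RNG rescued by application entropy:", weak_rng_is_rescued())
```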