Re: [Ace] EST over CoAP: Randomness

Paul Duffy <paduffy@cisco.com> Tue, 14 May 2019 22:08 UTC

To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, "ace@ietf.org" <ace@ietf.org>
References: <DBBPR08MB45393CDF71E7DB02F6C6938CFA330@DBBPR08MB4539.eurprd08.prod.outlook.com>
From: Paul Duffy <paduffy@cisco.com>
Message-ID: <0a75faf6-0968-d266-b99e-cf400b311477@cisco.com>
Date: Tue, 14 May 2019 18:07:48 -0400
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/E5zLM6akAMRnbBuZg6xNws_I0I4>
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>

On 5/9/2019 10:42 AM, Hannes Tschofenig wrote:
> I believe we should encourage developers to pick the correct hardware for the task rather than making them believe we have come up with solutions that allow them to get away without a hardware-based RNG.
>
> I also do not believe the statement that random number key generation is costly. Can you give me some number?

Strong agreement.  The added cost for hw based RNG is ever decreasing.  
Last time I checked it was on the order of 50 cents @ Q 10k?  It has 
likely fallen since.  Confirm with Atmel etc.

Cheers