[Acme] Defining random strings
Jacob Hoffman-Andrews <jsha@eff.org> Wed, 07 January 2015 19:42 UTC
Return-Path: <jsha@eff.org>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 50BC71A1A6D for <acme@ietfa.amsl.com>; Wed, 7 Jan 2015 11:42:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.011
X-Spam-Level:
X-Spam-Status: No, score=-7.011 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tZlw2v656ciY for <acme@ietfa.amsl.com>; Wed, 7 Jan 2015 11:42:06 -0800 (PST)
Received: from mail2.eff.org (mail2.eff.org [173.239.79.204]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0D4E31A1A50 for <acme@ietf.org>; Wed, 7 Jan 2015 11:42:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=eff.org; s=mail2; h=Content-Transfer-Encoding:Content-Type:Subject:To:MIME-Version:From:Date:Message-ID; bh=mmOy9gco8k5fzSHOrsRkxuJQmY2lGqxjVFJyxTCIby4=; b=08+NaD9K5Ea3mb25Sx9u5clncBT5CTKd3HmynezjKJ3iL75xRmCgAsZxGu9QdKD+rIej2tZPEaDjj0Ay01XA4QpJvyS3Xx/dIVZ66P6/B5K3zXuV3rFfZwaQFavZ2/gGxmJg+s7YBCpX69aH8C6I3HPsa41pDVSTHMt/MPgCkmU=;
Received: ; Wed, 07 Jan 2015 11:42:05 -0800
Message-ID: <54AD8C0C.1070608@eff.org>
Date: Wed, 07 Jan 2015 14:42:04 -0500
From: Jacob Hoffman-Andrews <jsha@eff.org>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Thunderbird/31.3.0
MIME-Version: 1.0
To: acme@ietf.org
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/acme/qpc6sHCHvGboaPya1eiSkYrVBHw
Subject: [Acme] Defining random strings
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Jan 2015 19:42:07 -0000
The spec has a number of places that call for a random string: nonces, tokens, session ids, the `r' and `s' values in DVSNI and DNS challenges. They are described slightly differently in different places, and some are encoded as base64, but others are encoded as hex (e.g. when they need to be a DNS label). This is a bit confusing. Proposal: Define `random string' once, and replace each field description that needs one with a reference to that definition. Consolidate all random string encodings on hex. Proposed language: Random String: A hex-encoded 128-bit random value, output from a CSPRNG. ... token (required, string): A Random String
- [Acme] Defining random strings Jacob Hoffman-Andrews