IETF Logo Mail Archive

Re: [dsfjdssdfsd] Should secure RNGs be a MUST?

Alyssa Rowan <akr@akr.io> Tue, 11 March 2014 19:42 UTC

Return-Path: <akr@akr.io>
X-Original-To: dsfjdssdfsd@ietfa.amsl.com
Delivered-To: dsfjdssdfsd@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 738291A07AD for <dsfjdssdfsd@ietfa.amsl.com>; Tue, 11 Mar 2014 12:42:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VLGjIwAy9fhs for <dsfjdssdfsd@ietfa.amsl.com>; Tue, 11 Mar 2014 12:41:58 -0700 (PDT)
Received: from entima.net (entima.net [78.129.143.175]) by ietfa.amsl.com (Postfix) with ESMTP id A42F01A0653 for <dsfjdssdfsd@ietf.org>; Tue, 11 Mar 2014 12:41:58 -0700 (PDT)
Received: from [10.10.42.10] (cpc5-derb12-2-0-cust796.8-3.cable.virginm.net [82.31.91.29]) by entima.net (Postfix) with ESMTPSA id 4540C60369 for <dsfjdssdfsd@ietf.org>; Tue, 11 Mar 2014 19:41:52 +0000 (GMT)
Message-ID: <531F6699.9090803@akr.io>
Date: Tue, 11 Mar 2014 19:40:09 +0000
From: Alyssa Rowan <akr@akr.io>
MIME-Version: 1.0
To: dsfjdssdfsd@ietf.org
References: <810C31990B57ED40B2062BA10D43FBF5C523AD@XMB116CNC.rim.net> <531F5573.1050905@akr.io> <810C31990B57ED40B2062BA10D43FBF5C541E4@XMB116CNC.rim.net>
In-Reply-To: <810C31990B57ED40B2062BA10D43FBF5C541E4@XMB116CNC.rim.net>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
Archived-At: http://mailarchive.ietf.org/arch/msg/dsfjdssdfsd/J6dKeVLa9nAZoAyA_zdsEOHRu0Q
Subject: Re: [dsfjdssdfsd] Should secure RNGs be a MUST?
X-BeenThere: dsfjdssdfsd@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The dsfjdssdfsd list provides a venue for discussion of randomness in IETF protocols, for example related to updating RFC 4086." <dsfjdssdfsd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dsfjdssdfsd>, <mailto:dsfjdssdfsd-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dsfjdssdfsd/>
List-Post: <mailto:dsfjdssdfsd@ietf.org>
List-Help: <mailto:dsfjdssdfsd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dsfjdssdfsd>, <mailto:dsfjdssdfsd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Mar 2014 19:42:01 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 11/03/2014 19:32, Dan Brown wrote:

> […]I was asking whether they are in scope, or priorities, of 
> IETF.[…]

I'm certainly no process expert, but probably? Advice on secure RNG
practices in RFC 4086 seems to have been considered in-scope for IETF
before.

This list exists to discuss randomness, where it impacts IETF
protocols. It's definitely not something we should ignore: and given
what we've seen, and how fundamental good randomness is to good
security, I would firmly argue not something we should defer to other,
less transparent, bodies in future.

- -- 
/akr
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJTH2aZAAoJEOyEjtkWi2t67D4QAJ8U1ukEi6SslqFXGz63NVdR
EptXLGET+ClamZlXOuFMjins1wGwEJ67ItNgv68qRRmaSmbmiAU181HHir/e4pTl
PpCh+yczIvcDI56X1eR6b7zDMMgwaV5g6iymMaBnGH4bOcMsa5jy/pYvICT3exTG
L1tuj0RcjrQMyAAXS1+VxS0mSAye/lb4dtL29foCwHRgDw66nxTQvKx4ltQIEb9c
DGj8A7FPxxDcUP5yoIvnHT7tkDhLCYqvUBdJ36gaU2XsjJKTXBXUmZT4hbAUolzY
fkYPZF1LNaSxsBfMZlWIwxaqjYZhY6OQjXLuSI7mvXD9L/EApVKyrC5LXMa9ulfi
BQv9D4NFOw5PyhmA0vKajbKoSZ7nXXPGzCVOmIcBnbcMM3bk/DBoSUqsBSd/ODF7
sKwDOgpbyyxh5nMVyieoHQidyunPllhVVQyCk9iBSuTo2kPxPcMLva2VWhMobPrA
QYr2hTrz3MWz8SJJXx8uE41sucPzE9K23mPI19b2P9tCtHbbZU6sQurryzDfHex6
N/EGNFvfb7QjoJzgmUtuG0Gi7Klrkfa6rOr6fDuY0Xfp1x1UBCI5quhs8BfsfXYQ
tHQkmWZrFaUOzOGYkG6DHDyZ3+HXtN65yk3lwswH1+AuPkGyJYO8+oko7Gjm6F0U
jx1PYN7/uy7/ygwaw7KY
=6UUk
-----END PGP SIGNATURE-----

v2.14.0 | Report a Bug | By Email