Re: [dsfjdssdfsd] Any plans for drafts or discussions on here?
Michael Hammer <michael.hammer@yaanatech.com> Thu, 23 January 2014 20:49 UTC
Return-Path: <michael.hammer@yaanatech.com>
X-Original-To: dsfjdssdfsd@ietfa.amsl.com
Delivered-To: dsfjdssdfsd@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B9D781A0161 for <dsfjdssdfsd@ietfa.amsl.com>; Thu, 23 Jan 2014 12:49:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.436
X-Spam-Level:
X-Spam-Status: No, score=-2.436 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.535, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QbRX44SeCgo1 for <dsfjdssdfsd@ietfa.amsl.com>; Thu, 23 Jan 2014 12:49:33 -0800 (PST)
Received: from email1.corp.yaanatech.com (webmail10.yaanatech.com [63.128.177.10]) by ietfa.amsl.com (Postfix) with ESMTP id BC9991A00C5 for <dsfjdssdfsd@ietf.org>; Thu, 23 Jan 2014 12:49:33 -0800 (PST)
Received: from SC9-EX2K10MB1.corp.yaanatech.com ([fe80::149d:c2e1:8065:2a47]) by ex2k10hub1.corp.yaanatech.com ([::1]) with mapi id 14.03.0123.003; Thu, 23 Jan 2014 12:49:33 -0800
From: Michael Hammer <michael.hammer@yaanatech.com>
To: "pinterkr@gmail.com" <pinterkr@gmail.com>, "ietf@hosed.org" <ietf@hosed.org>
Thread-Topic: [dsfjdssdfsd] Any plans for drafts or discussions on here?
Thread-Index: AQHPFik7i/q5nfCSa0yR/K7nGCDgcJqOvseAgAArLACAAqUWgIAAqIaAgAEY5AD//3wacA==
Date: Thu, 23 Jan 2014 20:49:32 +0000
Message-ID: <00C069FD01E0324C9FFCADF539701DB3BBF18E51@sc9-ex2k10mb1.corp.yaanatech.com>
References: <52DD996F.3040708@cs.tcd.ie> <CAF4+nEHEWaSr3HMuGtQ=vQzuuhkTo2uNpedUTNgmT5NsWRsTfA@mail.gmail.com> <30316745-8091-46AD-95A1-407757489FF9@vpnc.org> <1737731959.20140122185149@gmail.com> <03f201cf17ee$e34ccbf0$a9e663d0$@hosed.org> <15541579.20140123214020@gmail.com>
In-Reply-To: <15541579.20140123214020@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [10.17.100.212]
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="SHA1"; boundary="----=_NextPart_000_00F3_01CF1839.8F838F40"
MIME-Version: 1.0
Cc: "dsfjdssdfsd@ietf.org" <dsfjdssdfsd@ietf.org>
Subject: Re: [dsfjdssdfsd] Any plans for drafts or discussions on here?
X-BeenThere: dsfjdssdfsd@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The dsfjdssdfsd list provides a venue for discussion of randomness in IETF protocols, for example related to updating RFC 4086." <dsfjdssdfsd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dsfjdssdfsd>, <mailto:dsfjdssdfsd-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dsfjdssdfsd/>
List-Post: <mailto:dsfjdssdfsd@ietf.org>
List-Help: <mailto:dsfjdssdfsd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dsfjdssdfsd>, <mailto:dsfjdssdfsd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Jan 2014 20:49:35 -0000
This may get off-topic, but are there good software tools for testing entropy, that could help applications determine if the underlying system is giving them good input? Michael Hammer Principal Engineer michael.hammer@yaanatech.com Mobile: +1 408-202-9291 500 Yosemite Drive Suite 120 Milpitas, CA 95035 USA -----Original Message----- From: dsfjdssdfsd [mailto:dsfjdssdfsd-bounces@ietf.org] On Behalf Of Krisztián Pintér Sent: Thursday, January 23, 2014 12:40 PM To: ietf@hosed.org Cc: dsfjdssdfsd@ietf.org Subject: Re: [dsfjdssdfsd] Any plans for drafts or discussions on here? ietf@hosed.org (at Thursday, January 23, 2014, 4:54:59 AM): > The problem with relying on the OS is that you're not always sure what > the OS is doing. Example: If I run Linux under ESXi on a headless > server, with an SSD for a disk, and I use the Ethernet NIC built into > the motherboard, where is the entropy for /dev/random coming from? you do know what the OS does, you have either a source code, or at least a statement that everything is fine. you choose the OS with this knowledge in mind. it is another issue that in certain systems, the opsys might be not good enough. but i doubt that you can write RFC that is of any use for such special systems. plus, it is still advisable that you only implement your additional entropy collection, and just feed it back to the OS. > Those of us who deal with FIPS 140 and Common Criteria are now being > asked to document entropy sources, we need to make clear what the goal is. me being new here, maybe i just missed it, but i'm not sure what do we want: a, building a secure system b, building a system that can be marketed as secure c, building a FIPS compliant system because i claim that these are very different. if you want to be FIPS compliant, you probably need to do a whole sort of silly things that helps nobody in no way. but again, this won't be too much aided with an RFC, or any "best practices" document. nor i personally care much. marketability of a system can be affected by any number of things, probably boasting a lot of numbered acronyms, like RFCs as well. but i'm not into this kind of psychology. but if we aim at security, the OS can provide the best service here. yeah, windows don't, but really, how secure your application will be on windows anyway? you don't need to go over that level. > The various DRBGs are fine IMHO for handing out bits of random to an > application, and lacking anything better today I would certainly > encourage developers to use one. But the question is how do we seed > the DRBG in the first place? i certainly agree that we are well equipped with good DRBGs (which linux still refuses to include, forget about windows). do you happen to know fortuna, and especially its entropy collection policy? i think it is kind of a cool concept, except does not really solve the problem you mentioned before, namely early entropy gathering. one more point: it is not only about creating good random. you also need to protect it. what sources of entropy do you have that other processes on the same system don't? what information do you leak during the collection phase? a little bit harder problem than a DRBG. _______________________________________________ dsfjdssdfsd mailing list dsfjdssdfsd@ietf.org https://www.ietf.org/mailman/listinfo/dsfjdssdfsd
- [dsfjdssdfsd] Any plans for drafts or discussions… Stephen Farrell
- Re: [dsfjdssdfsd] Any plans for drafts or discuss… Donald Eastlake
- Re: [dsfjdssdfsd] Any plans for drafts or discuss… Dan Harkins
- Re: [dsfjdssdfsd] Any plans for drafts or discuss… Paul Hoffman
- Re: [dsfjdssdfsd] Any plans for drafts or discuss… Dan Harkins
- Re: [dsfjdssdfsd] Any plans for drafts or discuss… Paul Hoffman
- Re: [dsfjdssdfsd] Any plans for drafts or discuss… Krisztián Pintér
- Re: [dsfjdssdfsd] Any plans for drafts or discuss… Donald Eastlake
- Re: [dsfjdssdfsd] Any plans for drafts or discuss… Dan Harkins
- Re: [dsfjdssdfsd] Any plans for drafts or discuss… Paul Hoffman
- Re: [dsfjdssdfsd] Any plans for drafts or discuss… Paul Hoffman
- Re: [dsfjdssdfsd] Any plans for drafts or discuss… Dan Harkins
- Re: [dsfjdssdfsd] Any plans for drafts or discuss… Paul Hoffman
- Re: [dsfjdssdfsd] Any plans for drafts or discuss… Dan Harkins
- Re: [dsfjdssdfsd] Any plans for drafts or discuss… Francis Dupont
- Re: [dsfjdssdfsd] Any plans for drafts or discuss… Francis Dupont
- Re: [dsfjdssdfsd] Any plans for drafts or discuss… Dan Harkins
- Re: [dsfjdssdfsd] Any plans for drafts or discuss… ietf
- Re: [dsfjdssdfsd] Any plans for drafts or discuss… Francis Dupont
- [dsfjdssdfsd] evaluating stuff (was: Re: Any plan… Stephen Farrell
- Re: [dsfjdssdfsd] evaluating stuff (was: Re: Any … ietf
- Re: [dsfjdssdfsd] evaluating stuff (was: Re: Any … Jon Green
- Re: [dsfjdssdfsd] evaluating stuff (was: Re: Any … Paul Hoffman
- Re: [dsfjdssdfsd] Any plans for drafts or discuss… Krisztián Pintér
- Re: [dsfjdssdfsd] Any plans for drafts or discuss… Michael Hammer
- Re: [dsfjdssdfsd] Any plans for drafts or discuss… Krisztián Pintér
- Re: [dsfjdssdfsd] Any plans for drafts or discuss… Michael Hammer
- Re: [dsfjdssdfsd] Any plans for drafts or discuss… Paul Hoffman
- Re: [dsfjdssdfsd] Any plans for drafts or discuss… Henderickx, Wim (Wim)
- Re: [dsfjdssdfsd] Any plans for drafts or discuss… Krisztián Pintér
- Re: [dsfjdssdfsd] Any plans for drafts or discuss… Dan Harkins
- Re: [dsfjdssdfsd] Any plans for drafts or discuss… Michael Hammer
- Re: [dsfjdssdfsd] Any plans for drafts or discuss… Paul Hoffman
- Re: [dsfjdssdfsd] Any plans for drafts or discuss… Michael Hammer
- Re: [dsfjdssdfsd] Any plans for drafts or discuss… Krisztián Pintér
- Re: [dsfjdssdfsd] Any plans for drafts or discuss… Paul Hoffman