Re: [dsfjdssdfsd] Any plans for drafts or discussions on here?

Donald Eastlake <> Wed, 22 January 2014 18:13 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 1FC171A0174 for <>; Wed, 22 Jan 2014 10:13:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.75
X-Spam-Status: No, score=-1.75 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id LrAMYkYb_QOi for <>; Wed, 22 Jan 2014 10:13:54 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:4003:c02::235]) by (Postfix) with ESMTP id 3F6FC1A015A for <>; Wed, 22 Jan 2014 10:13:54 -0800 (PST)
Received: by with SMTP id m1so890174oag.12 for <>; Wed, 22 Jan 2014 10:13:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type; bh=7NJ9Zti+/fWG4Kw5wGcZpwGu9fAsmqpqmO6q/7jlBos=; b=w0GblHQl6//+DIDpRTmo1WPo9nRmp7F0ccm3UwA8GHyxpnkit+juFt3Bt7Xac7sVKB d0NlF08Jsp4PmQgmGC5vppH4GjWOuR/vxiSINQ4+anMemT1qFBiK5+fxQCqbOxIQgCE7 3BAPy9E28rOfJYy9HVILzJtVm1EZnywznOXqJqNA2t+l7P1P8UqatVH0CMvFwbL908Fe Wx2Wv0i/emzf7uq52hV2XoNsk/map4z3Se9N035gMm6UdFUEGcTiZ+YE9FZT8i6sA3UC MYv1yPffXSlp/j/p7ZNN3Px+NB8KEJM0Wq07/Z8gDZoGEEbS0mrfC9F4xz2enHRaSJYd 7xpQ==
X-Received: by with SMTP id zd3mr2672570obc.20.1390414433555; Wed, 22 Jan 2014 10:13:53 -0800 (PST)
MIME-Version: 1.0
Received: by with HTTP; Wed, 22 Jan 2014 10:13:33 -0800 (PST)
In-Reply-To: <>
References: <> <> <> <>
From: Donald Eastlake <>
Date: Wed, 22 Jan 2014 13:13:33 -0500
Message-ID: <>
Content-Type: text/plain; charset="ISO-8859-1"
Subject: Re: [dsfjdssdfsd] Any plans for drafts or discussions on here?
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The dsfjdssdfsd list provides a venue for discussion of randomness in IETF protocols, for example related to updating RFC 4086." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 22 Jan 2014 18:13:55 -0000

Hi Paul,

> Paul Hoffman (at Tuesday, January 21, 2014, 2:28:26 AM):
>> It still feels very wrong
>> for us to be suggesting to application developers that they should
>> be doing their own randomness; they should be asking their OS unless
>> they are experts, and those experts don't need an RFC.

I don't understand why you think having an RFC means that applications
developers are supposed to implement what is described in that RFC.
The IETF does lots of non-application level RFCs. I don't agree that
it is clear who is an expert in this area. I don't agree that any
person believed to be an expert will, in the absence of documentation,
know or take into account all the aspects of what might be called best
current practice in this area. IETF specifications that call for
quantities unpredictable by adversaries need to reference something.
Should they just reference the NIST documents?

 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 155 Beaver Street, Milford, MA 01757 USA