Re: [dsfjdssdfsd] Any plans for drafts or discussions on here?

"Dan Harkins" <> Wed, 22 January 2014 16:13 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 6E4871A046C for <>; Wed, 22 Jan 2014 08:13:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.467
X-Spam-Status: No, score=-2.467 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 97Q09aEltU-o for <>; Wed, 22 Jan 2014 08:13:14 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 9A5C31A0469 for <>; Wed, 22 Jan 2014 08:13:14 -0800 (PST)
Received: from (localhost []) by (Postfix) with ESMTP id F30541022404A; Wed, 22 Jan 2014 08:13:13 -0800 (PST)
Received: from (SquirrelMail authenticated user by with HTTP; Wed, 22 Jan 2014 08:13:14 -0800 (PST)
Message-ID: <>
In-Reply-To: <>
References: <> <> <>
Date: Wed, 22 Jan 2014 08:13:14 -0800
From: Dan Harkins <>
To: Paul Hoffman <>
User-Agent: SquirrelMail/1.4.14 [SVN]
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Cc: Donald Eastlake <>,, Stephen Farrell <>
Subject: Re: [dsfjdssdfsd] Any plans for drafts or discussions on here?
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The dsfjdssdfsd list provides a venue for discussion of randomness in IETF protocols, for example related to updating RFC 4086." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 22 Jan 2014 16:13:16 -0000


On Mon, January 20, 2014 5:28 pm, Paul Hoffman wrote:
> On Jan 20, 2014, at 5:53 PM, Donald Eastlake <> wrote:
>> I've been a bit snowed under just recently and this week but I have
>> accumulated some changes and suggestions on the randomness requirement
>> sod security draft and do plan to do a revision soon.
> It would be good to see those revisions. It still feels very wrong for us
> to be suggesting to application developers that they should be doing their
> own randomness; they should be asking their OS unless they are experts,
> and those experts don't need an RFC.

  "Ask your OS" is putting faith in the guy that wrote the relevant code
in your OS. It might be a reasonable leap but it's a leap nevertheless.
Recent events should tell us that we should not trust a single source for
these things (even if we are told that this single source is actually the
output of a bunch of uncorrelated sources of entropy being mixed up).

  I see value in draft-eastlake-randomness3 and I also see value in an
Informational RFC on a good DRBG for those who feel the need to have
a belt as well as suspenders.