[Dtls-iot] Hardware-based Random Number Generator
Hannes Tschofenig <hannes.tschofenig@gmx.net> Wed, 15 July 2015 11:31 UTC
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: dtls-iot@ietfa.amsl.com
Delivered-To: dtls-iot@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F40F21A893F for <dtls-iot@ietfa.amsl.com>; Wed, 15 Jul 2015 04:31:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.61
X-Spam-Level:
X-Spam-Status: No, score=-2.61 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M0WVig7pGelt for <dtls-iot@ietfa.amsl.com>; Wed, 15 Jul 2015 04:31:55 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.21]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 25AD11A8937 for <dtls-iot@ietf.org>; Wed, 15 Jul 2015 04:31:55 -0700 (PDT)
Received: from [192.168.131.133] ([195.149.223.246]) by mail.gmx.com (mrgmx101) with ESMTPSA (Nemesis) id 0LxcbX-1YvOVv0s8p-017Gzf; Wed, 15 Jul 2015 13:31:52 +0200
Message-ID: <55A644A2.8060402@gmx.net>
Date: Wed, 15 Jul 2015 13:31:46 +0200
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: "dtls-iot@ietf.org" <dtls-iot@ietf.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
OpenPGP: id=4D776BC9
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="xhnRQW9uqSTaKGN65UGtKjXK3PStp0pfa"
X-Provags-ID: V03:K0:LkchE5Blg8zY5zM7r8GMNNfSIFwKF0R7yra2Wsy5pe0UgLPgSpW iAqyrtHzU97VgXeVRswoGIlVBI0JtrMI34gLmlwG8rXrkkz2RTOrU5tAtaanEN9UV7B3HQ9 uXH+E3zt+2QZTob4OadBNskolrAsvDtqvIAMkhLft83EzTkWJgWXR2Ec818S4uiafE/OjLg QAUZzINNOpvPQqlyJIAHg==
X-UI-Out-Filterresults: notjunk:1;V01:K0:mVGl+2dfdJI=:g65hmEhPkHd1SwEje+cStn ePCOG/oSNtqX4hRPs2dE4S+hWHAihydSD7S7zg99iJW92RFkcN+spiZEWPSMCVVu++YGhM4PH d+zdc/BiBNHsdFwmpN3eXQuiRSz8M+UCRvVn6THJaRfapfPi7UpX65uTT+b8MpEkWouzMbdMs sYn+2vx+wW/2ZDOCeGUplYR9KrWs3Qo6UVIxYEoSOKtCQT8IfD2bVpvRGASJN/EU300xhotEM SkUXxyfIO2x7v3EMyU6CHTgTJxpmiqkFS67cvD2FL2J/9D5c9G9wXQC6ZmFNa1sRLoe0rm6Ih w0grGKIT5/foe/okFwn2n2xTWxOspG3vFcD3yAq5RcAtUSEnQmNK28rYetF35VvAn/NcjQz07 1VWZSydV8Y9aabSswF28n4W+8R4gYWJt1IphvbTv3mAFL9XPcJUsZcUL7RIyOL/yIZNmSDxXF NZYUYqACKiBvBbMpZq44Q/2/x7vg2FbFEJ5vANWrlBQypeVVYWOcU85suP+7B1HjNdUmaCuaD 4nxa90KAMDbL3K23saGl4Hzwc0mPMHzdtgviFWcC+zpewfeeP+a2HqCLj0AgycnwY7ONa9tQQ vEQVlTiyav1kxypKWrNx6aKUdn+VzX8ebDrcZc7cT5EEQW4iEJh97aohW0FKb+ab/f2ZxE637 p+xR8T/7ZKA6GIfPPSv/wtLu4VZDlYME9b6wM14UJfv1WCg==
Archived-At: <http://mailarchive.ietf.org/arch/msg/dtls-iot/TUzyBQVeFgywfctTgKScN7sXu-8>
Subject: [Dtls-iot] Hardware-based Random Number Generator
X-BeenThere: dtls-iot@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DTLS for IoT discussion list <dtls-iot.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dtls-iot>, <mailto:dtls-iot-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dtls-iot/>
List-Post: <mailto:dtls-iot@ietf.org>
List-Help: <mailto:dtls-iot-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dtls-iot>, <mailto:dtls-iot-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Jul 2015 11:31:57 -0000
Stephen wrote: (10) 14: I want to check that the WG are really ok with the "MUST" for h/w "quality" RNGs. I really like the idea, but it's very odd for the IETF to have such a MUST touching on the style of implementation. (Say if my entire implementation of TLS is in some kind of VM? Then I couldn't meet this ever.) I think we have to s/MUST/weasel-words/ there tbh, sadly - it's just not our job to mandate implementation styles. The following para though does the job nicely, so maybe s/MUST/ought to/ is enough of a change. In response to a similar comment from Russ I had softened the language already. Here is the remark that Russ had: http://www.ietf.org/mail-archive/web/dtls-iot/current/msg00273.html I am, however, wondering whether we do ourselves a favour if we don't state what the requirements are. The example you have mentioned is also a bit artifical since IoT devices don't run in a virtual machine and even virtual machines rely on hardware features from the underlying host operating system. I hope someone in the group can share their views.
- [Dtls-iot] Hardware-based Random Number Generator Hannes Tschofenig
- Re: [Dtls-iot] Hardware-based Random Number Gener… Hannes Tschofenig