Re: [Dtls-iot] Hardware-based Random Number Generator

Hannes Tschofenig <hannes.tschofenig@gmx.net> Tue, 21 July 2015 12:54 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/dtls-iot/ylkLi3VV5q7LL8YGB5DGwNoFUCo>

I discussed this issue with my co-worker Thomas and here is the proposed
text change to address your issue:


------------------------

   IoT devices using TLS/DTLS must offer ways to generate quality random
   numbers.  There are various implementation choices for integrating a
   hardware-based random number generator into a product: an
   implementation inside the microcontroller itself is one option but
   also dedicated crypto-chips are reasonable choices.  The best choice
   will depend on various factors outside the scope of this document.
   Guidelines and requirements for random number generation can be found
   in RFC 4086 [RFC4086] and in the NIST Special Publication 800-90a
   [SP800-90A].


------------------------

Ciao
Hannes


On 07/15/2015 01:31 PM, Hannes Tschofenig wrote:
> Stephen wrote:
> 
> (10) 14: I want to check that the WG are really ok with the "MUST" for
> h/w "quality" RNGs. I really like the idea, but it's very odd for the
> IETF to have such a MUST touching on the style of implementation.  (Say
> if my entire implementation of TLS is in some kind of VM? Then I
> couldn't meet this ever.) I think we have to s/MUST/weasel-words/ there
> tbh, sadly - it's just not our job to mandate implementation styles. The
> following para though does the job nicely, so maybe s/MUST/ought
> to/ is enough of a change.
> 
> 
> In response to a similar comment from Russ I had softened the language
> already. Here is the remark that Russ had:
> http://www.ietf.org/mail-archive/web/dtls-iot/current/msg00273.html
> 
> I am, however, wondering whether we do ourselves a favour if we don't
> state what the requirements are.
> 
> The example you have mentioned is also a bit artificial since IoT devices
> don't run in a virtual machine and even virtual machines rely on
> hardware features from the underlying host operating system.
> 
> I hope someone in the group can share their views.
> 
> 
> 