[secdir] secdir review of draft-ietf-tsvwg-tinymt32

Carl Wallace <carl@redhoundsoftware.com> Fri, 17 May 2019 18:39 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/4ulExCiIlWNx1iREJEtyhqCVJfc>

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security area
directors.  Document editors and WG chairs should treat these comments
just like any other last call comments.

This document describes the TinyMT32 Pseudo Random Number Generator (PRNG)
that produces 32-bit pseudo-random unsigned integers and aims at having a
simple-to-use and deterministic solution. The document is well written and
the sample code produces the sample output. I am not a mathematician so no
comments on the mechanism. I have a few minor nits/comments. The security
considerations may benefit from repeating the last sentence of the fourth
paragraph in the introduction (i.e., not 'meant to be used for
cryptographic applications'). The bibliography should include all of the
references cited in the draft. Adding some text or references to expand on
the mentioned limitations of RFC5170 or to describe how the parameter set
from which the parameters selected in this draft would be nice as well.