Re: [secdir] secdir review of draft-ietf-tsvwg-tinymt32

Carl Wallace <carl@redhoundsoftware.com> Tue, 28 May 2019 10:24 UTC

Date: Tue, 28 May 2019 06:24:35 -0400
From: Carl Wallace <carl@redhoundsoftware.com>
To: Vincent Roca <vincent.roca@inria.fr>
CC: secdir@ietf.org, draft-ietf-tsvwg-tinymt32.all@ietf.org, iesg@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/q1q07386ArDabWgtXD4kgNXeCdI>

Great. Thanks. 

From:  Vincent Roca <vincent.roca@inria.fr>
Date:  Monday, May 27, 2019 at 5:02 AM
To:  Carl Wallace <carl@redhoundsoftware.com>
Cc:  Vincent Roca <vincent.roca@inria.fr>, <secdir@ietf.org>,
<draft-ietf-tsvwg-tinymt32.all@ietf.org>, <iesg@ietf.org>
Subject:  Re: secdir review of draft-ietf-tsvwg-tinymt32

> Hello Carl, all,
> 
> Thanks a lot for your secdir review.
> 
>> On 17 May 2019 at 20:38, Carl Wallace <carl@redhoundsoftware.com> wrote:
>> 
>> I have reviewed this document as part of the security directorate's
>> ongoing effort to review all IETF documents being processed by the IESG.
>> These comments were written primarily for the benefit of the security area
>> directors.  Document editors and WG chairs should treat these comments
>> just like any other last call comments.
>> 
>> This document describes the TinyMT32 Pseudo Random Number Generator (PRNG)
>> that produces 32-bit pseudo-random unsigned integers and aims at having a
>> simple-to-use and deterministic solution. The document is well written and
>> the sample code produces the sample output. I am not a mathematician so no
>> comments on the mechanism. I have a few minor nits/comments.
> 
> 
> 
>> The security
>> considerations may benefit from repeating the last sentence of the fourth
>> paragraph in the introduction (i.e., not 'meant to be used for
>> cryptographic applications').
> 
> [VR] Very good suggestion. Added.
> 
> NEW:
> 4.  Security Considerations
> 
>    The authors do not believe the present specification generates
>    specific security risks per se.  However, neither the TinyMT nor MT
>    PRNG are meant to be used for cryptographic applications.
> 
>>  The bibliography should include all of the
>> references cited in the draft.
> 
> [VR] We agree, and we changed all <eref target=« https://… » />
> links to a well identified « Informative References » entry.
> 
> NEW:
>    [TinyMT-dev]
>               Saito, M. and M. Matsumoto, "Tiny Mersenne Twister
>               (TinyMT) github site", <https://github.com/
>               MersenneTwister-Lab/TinyMT>.
> 
>    [TinyMT-params]
>               Rikitake, K., "TinyMT pre-calculated parameter list github
>               site", <https://github.com/jj1bdx/tinymtdc-longbatch/>.
> 
>    [TinyMT-web]
>               Saito, M. and M. Matsumoto, "Tiny Mersenne Twister
>               (TinyMT) web site",
>               <http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/TINYMT/>.
> 
>> Adding some text or references to expand on
>> the mentioned limitations of RFC5170 or to describe how the parameter set
>> from which the parameters selected in this draft would be nice as well.
> 
> [VR] We agree. I’ve added a mention to the « Numerical Recipes in C » 2nd
> edition for the limits of the Park-Miller PRNG specified in RFC 5170, as well
> as the companion RLC I-D where we mention the observations we made with
> this PRNG.
> 
> NEW:
>    […] TinyMT32 represents a major improvement with respect to the
>    Park-Miller Linear Congruential PRNG (e.g., as specified in [RFC5170])
>    that suffers several known limitations (see for instance [PTVF92],
>    section 7.1, pp. 279, and [RLC-ID], Appendix B).
> 
> 
> Concerning the chosen parameter set, they have been selected among an
> official list of parameter set values, as explained. It’s a bit arbitrary (we
> chose the 1st entry), as explained, but it’s a common parameter set (there’s a
> publication based on it listed in the Informative References section).
> There’s of course a theoretical background but I don’t think it’s worth
> entering that kind of details (especially as the two authors didn’t publish a
> research paper on TinyMT32).
> 
> Thanks a lot for your comments.
> 
> Cheers,
> 
>   Vincent on behalf of the authors
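
The thread above notes that the Park-Miller linear congruential PRNG has known limitations and that PRNGs of this kind are not meant for cryptographic use. The following C sketch is an added example, not code from the draft, from RFC 5170 or from either author. It assumes the classic "minimal standard" constants (multiplier 16807, modulus 2^31 - 1) and works on the raw generator state, without any output scaling. It shows that one observed value fixes every later and earlier value, and that small values have exactly linear successors.

```c
#include <stdint.h>
#include <stdio.h>
#define PM_A 16807u        /* assumed: "minimal standard" multiplier */
#define PM_M 2147483647u   /* assumed: modulus 2^31 - 1, a prime */

/* One step forward: x -> A * x mod M (64-bit intermediate product). */
static uint32_t pm_next(uint32_t x) {
    return (uint32_t)(((uint64_t)PM_A * x) % PM_M);
}

/* Run n steps forward from x. */
static uint32_t pm_skip(uint32_t x, unsigned n) {
    while (n--) x = pm_next(x);
    return x;
}

/* A^-1 mod M, computed as A^(M-2) mod M (Fermat's little theorem). */
static uint32_t pm_inverse(void) {
    uint64_t r = 1, b = PM_A;
    for (uint32_t e = PM_M - 2; e; e >>= 1) {
        if (e & 1) r = (r * b) % PM_M;
        b = (b * b) % PM_M;
    }
    return (uint32_t)r;
}

/* Walk n steps backwards from one observed raw output. */
static uint32_t pm_rewind(uint32_t observed, unsigned n) {
    uint64_t inv = pm_inverse(), x = observed;
    while (n--) x = (x * inv) % PM_M;
    return (uint32_t)x;
}

/* Count values x <= M/A whose successor is exactly A*x (no modular wrap). */
static unsigned pm_linear_successors(void) {
    unsigned hits = 0;
    for (uint32_t x = 1; x <= PM_M / PM_A; x++)
        hits += (pm_next(x) == PM_A * x);
    return hits;
}

int main(void) {
    uint32_t seed = 20190528u;            /* constructed sample seed */
    uint32_t seen = pm_skip(seed, 1000);  /* the single value an observer sees */
    printf("next output predicted : %u\n", pm_next(seen));
    printf("seed recovered        : %u\n", pm_rewind(seen, 1000));
    printf("linear successors     : %u of %u\n", pm_linear_successors(), PM_M / PM_A);
    return 0;
}
```

Any value that must stay unpredictable (keys, nonces, tokens) should come from the operating system's CSPRNG, not from a generator of this family.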