Re: [TLS] Last Call: draft-hoffman-tls-additional-random-ext (Additional Random

[Nicolas Williams <Nicolas.Williams@oracle.com>]

On Tue, Apr 27, 2010 at 06:23:13AM -0400, Dean Anderson wrote:
> On Mon, 26 Apr 2010, Nicolas Williams wrote:
> > On Mon, Apr 26, 2010 at 04:18:33PM -0500, Marsh Ray wrote:
> > > The draft was said to strengthen some properties of the protocol,
> > > particularly entropy in the RNG. In order to evaluate the draft, we need
> > > to agree on what those properties are supposed to be and how they affect
> > > the different protocol structures.
> > 
> > By analogy to legal review, if we don't need to reach the issue, then we
> > don't need to discuss it.
> >
> > RNG/PRNG matters either apply, in which case we can might in, or they
> > don't.  
> 
> The subject of entropy of PRNGs is substance of the draft.

If we knew what the extension was for then we could consider the
rationale for it in detail; but we don't.  The I-D is too thin.  This is
my main objection to the I-D _at this time_.

> The only way not to reach a question about substance is to not even get
> to the contents of the draft for some other reason (e.g. procedural
> objection). But you have no such objection, and no reason not to get to
> an analysis of the contents of draft, so there is no reason to avoid
> analysis of the substance.

That's not right.  If the I-D explicitly stated that the purpose for
this extension was to strengthen TLS key exchange by adding more entropy
we could then discuss whether adding more "random" octets from the same
source could help, long, long before we got to examine the source in
detail.  The reason is that either your RNG is good enough or it's not,
and if it's not then we should assume that adding more "random" octets
to the protocol is likely to _hurt_ more than help.  The assumption in
the previous sentence is all we need to know about RNGs for this
discussion.

By analogy to legal processes, there are ways to avoid reaching an issue
that are not procedural.

Nico
--