[TLS] Re: rfc8446-bis CSPRNG
Martin Thomson <mt@lowentropy.net> Mon, 10 February 2025 06:59 UTC
Return-Path: <mt@lowentropy.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 55139C1D52E7 for <tls@ietfa.amsl.com>; Sun, 9 Feb 2025 22:59:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level:
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b="ai79sfN+"; dkim=pass (2048-bit key) header.d=messagingengine.com header.b="ufKbk4Mi"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oJ6hNoa2-xTq for <tls@ietfa.amsl.com>; Sun, 9 Feb 2025 22:59:40 -0800 (PST)
Received: from fhigh-b4-smtp.messagingengine.com (fhigh-b4-smtp.messagingengine.com [202.12.124.155]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 30A2EC1D52F2 for <tls@ietf.org>; Sun, 9 Feb 2025 22:59:39 -0800 (PST)
Received: from phl-compute-05.internal (phl-compute-05.phl.internal [10.202.2.45]) by mailfhigh.stl.internal (Postfix) with ESMTP id 1F18425400D6 for <tls@ietf.org>; Mon, 10 Feb 2025 01:59:39 -0500 (EST)
Received: from phl-imap-08 ([10.202.2.84]) by phl-compute-05.internal (MEProxy); Mon, 10 Feb 2025 01:59:39 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=cc:content-transfer-encoding:content-type:content-type:date :date:from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to; s=fm1; t=1739170778; x=1739257178; bh=wFy5FJvnsr8t4Y2MCVsJgtIIedyU/XghI34g10hJRyA=; b= ai79sfN+nqDCKgaZBU/MMe/bLqn9oNadfDA6TuztSQ2URe1u3ADFhqItRdjiHj92 MG5DXdZFKZjqCDJxoqQr9++HLgjMxLfHkqi/4obeNzCkoDdlbL6ZfsTj89jdy6j5 +a4L9PLXZ9htauU7bD0MATl31u7yemgskdldH+DMMNoaYfKP2dq7q+tLu5D3c3ey Yq4tXqCM68U9M05sMBOumFlFKjBEhJtTPbGnWV56vxhIOrLO7gbdXrxtKLDR6W0T kW1MMhCAnZj5AuhrNLICq0QZeV9b8NnLOlRsceF2R4jmBj53NOaTyT2cfr+twJ9W RfqnPiHeg0i908l/P9WowQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to:x-me-proxy:x-me-sender :x-me-sender:x-sasl-enc; s=fm3; t=1739170778; x=1739257178; bh=w Fy5FJvnsr8t4Y2MCVsJgtIIedyU/XghI34g10hJRyA=; b=ufKbk4Mi8zap6H4G/ mr2sA4uLiJSDwa8FhkS/zV+rCI02YWCEaeeJVkCI910nIB/MCLJw6cfvxxY0sLZ4 ThJcbEtdSb9eThfxakJyTX7qoPevQkS6OoLc7AUY1+n1w2o1xsHgNbgsOqhJhG8C 7at+mK+Itvm+Up++cE3XUEFRMbm/8APAuSoh2g2Au4vbCYz4SHoZm8OJh8ZMKy2i DJRBXILaZbdik5g3y99U9rjulY3S7zwdl8SnbIv+RyMXFL5/gKiT5D7SVDjC4Rls +Hv0N4na9248xKVxogNmhRb8icwYougGBr5Dist+f7uiXoxf8rrEdKx7sfoJj6M9 eh0QA==
X-ME-Sender: <xms:2qOpZwpxJgJBNdGIN2jGLEGMs8r5NEmL4l2KVDg5bsIo-Z1z5HCQHA> <xme:2qOpZ2o5G518_1zFdS7wyzXYLIGK9sYS7_G5RwdsNoeZc_KveFwUEDEKX1wQ_AnPs ZCJW9siNgVm8cF5-_A>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeefvddrtddtgdefjeeflecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpggftfghnshhusghstghrihgsvgdp uffrtefokffrpgfnqfghnecuuegrihhlohhuthemuceftddtnecunecujfgurhepofggff fhvffkjghfufgtgfesthejredtredttdenucfhrhhomhepfdforghrthhinhcuvfhhohhm shhonhdfuceomhhtsehlohifvghnthhrohhphidrnhgvtheqnecuggftrfgrthhtvghrnh epueeludegfeelhfektdffveelgefhtefguddtfeevteettdevgefgfeeilefftefgnecu vehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhepmhhtsehloh ifvghnthhrohhphidrnhgvthdpnhgspghrtghpthhtohepuddpmhhouggvpehsmhhtphho uhhtpdhrtghpthhtohepthhlshesihgvthhfrdhorhhg
X-ME-Proxy: <xmx:2qOpZ1MGRSu1r0EX2Cq49m5zVManRohZKcN_CUMJhitLTcD0gHub6g> <xmx:2qOpZ36veYMS2aXEghyAanjpKAGvYvGWCabCzHiC0r-DmEvkuxIUdA> <xmx:2qOpZ_6w5pZPtQ_zmm83dQKIBctx_tjklq9mL2Kvsda6qf_Rjq8fAg> <xmx:2qOpZ3gsTHKWx4qPd6Qj4JHAXLuHk6EEpZAiQh0DmiTPaIQhlDK6KQ> <xmx:2qOpZ8h6HxJvDQXhx6655wvjnOWRKHZATrbKw2gq2U7mdWKazlvEOQ-O>
Feedback-ID: ic129442d:Fastmail
Received: by mailuser.phl.internal (Postfix, from userid 501) id BDBDA18A006E; Mon, 10 Feb 2025 01:59:38 -0500 (EST)
X-Mailer: MessagingEngine.com Webmail Interface
MIME-Version: 1.0
X-ThreadId: Ta6a4615401d10e1d
Date: Mon, 10 Feb 2025 17:59:17 +1100
From: Martin Thomson <mt@lowentropy.net>
To: tls@ietf.org
Message-Id: <15641615-cbf0-427b-876e-285cc20d4ba2@betaapp.fastmail.com>
In-Reply-To: <CAOp4FwQ7MRNcnJR00RcH3kQJGw7sjW+K6k9H=9uBi-9B6YifPQ@mail.gmail.com>
References: <CAOp4FwQ7MRNcnJR00RcH3kQJGw7sjW+K6k9H=9uBi-9B6YifPQ@mail.gmail.com>
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Message-ID-Hash: KIRFWIZRAM34DEUIBJFUH2ODJ4YKM2HZ
X-Message-ID-Hash: KIRFWIZRAM34DEUIBJFUH2ODJ4YKM2HZ
X-MailFrom: mt@lowentropy.net
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: rfc8446-bis CSPRNG
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/ysG8qnKF9n7_KVPyGjKlePG34i4>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>
On Mon, Feb 10, 2025, at 17:48, Loganaden Velvindron wrote: > This caught my attention: > >> [...] **such as /dev/urandom** [...] > > /dev/urandom is nice, but many OSes have adopted the getrandom() > interface. The advantage is that you don't need an additional file > description open and it can work in a chroot too ... Yes, there are better interfaces, but this is offered as an example, so I think that's fine.
- [TLS] rfc8446-bis CSPRNG Loganaden Velvindron
- [TLS] Re: rfc8446-bis CSPRNG Martin Thomson