Eliot Lear <l...@cisco.com> wrote:
>> I mean, we literally say "Reducing the possibility of this is why the
>> pledge is mandated to generate a strong random or pseudo-random number
>> nonce." So to also say "the nonce [...] does not require a strong
>> cryptographic randomness" seems to be in conflict with the former
>> statement.
>> Are you saying that "strong random" and "strong cryptographic random" mean
>> different things, or am I misreading the document in some other way?

> I would just drop the statement. The whole point of the nonce is to
> prevent replay attacks, so why would we want to weaken that?

I don't want someone to think that they need to include an additional
source of hardware entropy just for the nonce. They already need a well
seeded PRNG (RFC4086) for TLS operation, and that's more than enough.

--
Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-
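As an added illustration (not code from this thread or from the BRSKI draft), the following Python model shows the replay-protection role of the nonce that the two messages above argue about: the pledge draws the nonce from the OS CSPRNG, the same well-seeded pool a TLS stack already depends on, binds it to one outstanding voucher request, and rejects a voucher that carries any other nonce, including a recorded one replayed later. The `Pledge` class, the 16-byte nonce length, the dict-shaped messages, the unsigned toy `masa_issue_voucher`, and the `weak_nonce` helper are all assumptions made for this example, not BRSKI message formats.

```python
import hmac
import random
import secrets
from typing import Optional

# Nonce size chosen for this example only; the draft text quoted above does not fix it.
NONCE_LEN = 16


class Pledge:
    """Toy pledge: tracks the nonce of its single outstanding voucher request."""

    def __init__(self) -> None:
        self.outstanding_nonce: Optional[bytes] = None

    def new_voucher_request(self) -> dict:
        # secrets.token_bytes reads the OS CSPRNG, the same well-seeded pool a
        # TLS implementation already relies on; no separate entropy source needed.
        self.outstanding_nonce = secrets.token_bytes(NONCE_LEN)
        return {"nonce": self.outstanding_nonce}

    def accept_voucher(self, voucher: dict) -> bool:
        """Accept only a voucher echoing the currently outstanding nonce."""
        nonce = voucher.get("nonce")
        if self.outstanding_nonce is None or not isinstance(nonce, bytes):
            return False
        if not hmac.compare_digest(nonce, self.outstanding_nonce):
            return False  # stale, forged or replayed nonce
        self.outstanding_nonce = None  # consumed: the same voucher cannot be reused
        return True


def masa_issue_voucher(request: dict) -> dict:
    """Toy MASA (assumption): echoes the request nonce into the voucher; signing omitted."""
    return {"nonce": request["nonce"], "assertion": "verified"}


def demo_replay() -> tuple:
    """Returns (first_voucher_accepted, replayed_voucher_accepted)."""
    pledge = Pledge()
    first_req = pledge.new_voucher_request()
    captured = masa_issue_voucher(first_req)  # attacker records this voucher on the wire
    first_ok = pledge.accept_voucher(captured)

    # The pledge later bootstraps again (e.g. after a factory reset): fresh nonce.
    pledge.new_voucher_request()
    replay_ok = pledge.accept_voucher(captured)  # old nonce is no longer outstanding
    return first_ok, replay_ok


def weak_nonce(seed: int) -> bytes:
    """Deliberately weak nonce from a PRNG seeded with a guessable value.

    Shows what 'strong random' rules out: anyone who guesses the seed
    (boot counter, coarse timestamp) regenerates the identical nonce and
    can pre-compute a voucher that will match the pledge's next request.
    """
    rng = random.Random(seed)
    return rng.getrandbits(8 * NONCE_LEN).to_bytes(NONCE_LEN, "big")


if __name__ == "__main__":
    print("first accepted, replay accepted:", demo_replay())
    print("weak nonce reproducible from seed:", weak_nonce(7) == weak_nonce(7))
```

The point of `demo_replay` is that replay resistance comes from the nonce being unpredictable and single-use, not from where the randomness is sourced: `secrets.token_bytes` is the same OS-level CSPRNG a TLS library draws on, so no dedicated hardware entropy source is introduced for the nonce. `weak_nonce` is the contrast case, a PRNG whose seed an attacker can guess.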
_______________________________________________
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima