Eliot Lear <l...@cisco.com> wrote:
    >> I mean, we literally say "Reducing the possibility of this is why the
    >> pledge is mandated to generate a strong random or pseudo-random number
    >> nonce."  So to also say "the nonce [...] does not require a strong
    >> cryptographic randomness" seems to be in conflict with the former
    >> statement.
    >> Are you saying that "strong random" and "strong cryptographic random" mean
    >> different things, or am I misreading the document in some other way?

    > I would just drop the statement.  The whole point of the nonce is to
    > prevent replay attacks, so why would we want to weaken that?

I don't want someone to think that they need to include an additional
source of hardware entropy just for the nonce.  They already need a well-seeded
PRNG (RFC4086) for TLS operation, and that's more than enough.

--
Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-
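An added illustration of the point made above (not code from the thread or from any BRSKI implementation): the pledge draws its nonce from the same OS-backed CSPRNG that a TLS stack already relies on, and the nonce's only job is to bind a voucher to one live request so a captured voucher cannot be replayed. Class and function names, and the 16-byte nonce size, are assumptions for the example.

```python
import secrets
import hmac

NONCE_LEN = 16  # assumed size for this example; a 128-bit nonce is ample to make guessing impractical


class Pledge:
    """Minimal pledge-side nonce handling (added example, not BRSKI reference code)."""

    def __init__(self) -> None:
        self._outstanding = None  # nonce of the request currently awaiting a voucher

    def new_request_nonce(self) -> bytes:
        # secrets.token_bytes reads the OS CSPRNG, the same well-seeded source the
        # TLS library uses, so no extra hardware entropy source is needed for the nonce.
        self._outstanding = secrets.token_bytes(NONCE_LEN)
        return self._outstanding

    def accept_voucher(self, voucher_nonce: bytes) -> bool:
        # Accept only a voucher that echoes the nonce of the live request, and consume
        # the nonce on success, so a voucher captured earlier cannot be replayed.
        if self._outstanding is None:
            return False
        ok = hmac.compare_digest(self._outstanding, voucher_nonce)
        if ok:
            self._outstanding = None
        return ok


def replay_demo() -> dict:
    """Walk through fresh, replayed and stale vouchers against one pledge."""
    pledge = Pledge()
    n1 = pledge.new_request_nonce()
    first = pledge.accept_voucher(n1)      # fresh voucher for the live request
    replayed = pledge.accept_voucher(n1)   # same voucher presented again
    n2 = pledge.new_request_nonce()
    stale = pledge.accept_voucher(n1)      # old voucher against a new request
    fresh = pledge.accept_voucher(n2)      # voucher matching the new request
    return {"first": first, "replayed": replayed, "stale": stale,
            "fresh": fresh, "distinct": n1 != n2}


if __name__ == "__main__":
    print(replay_demo())
```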


_______________________________________________
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima
