Eliot Lear <[email protected]> wrote:
>> I mean, we literally say "Reducing the possibility of this is why the
>> pledge is mandated to generate a strong random or pseudo-random number
>> nonce." So to also say "the nonce [...] does not require a strong
>> cryptographic randomness" seems to be in conflict with the former
>> statement.
>> Are you saying that "strong random" and "strong cryptographic random" mean
>> different things, or am I misreading the document in some other way?
> I would just drop the statement. The whole point of the nonce is to
> prevent replay attacks, so why would we want to weaken that?
I don't want someone to think that they need to include an additional
source of hardware entropy just for the nonce. They already need a well-seeded
PRNG (RFC 4086) for TLS operation, and that's more than enough.
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-
_______________________________________________ Anima mailing list [email protected] https://www.ietf.org/mailman/listinfo/anima
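As an added illustration of the point under discussion (not code from the thread or from any BRSKI implementation): the pledge draws its nonce from the operating system's already well-seeded CSPRNG, the same source a TLS stack uses, and accepts a voucher only if it echoes the nonce of the outstanding request, so a captured voucher cannot be replayed. The `Pledge` class, the 32-byte nonce length and the dict-shaped voucher are assumptions made for this example.

```python
import os
import hmac

NONCE_LEN = 32  # bytes; chosen for this example, not taken from the spec


def generate_nonce(rng=os.urandom) -> bytes:
    """Draw the nonce from the OS CSPRNG (a well-seeded PRNG, as RFC 4086
    describes); no separate hardware entropy source is needed for this.
    `rng` is injectable only so tests can substitute a source."""
    nonce = rng(NONCE_LEN)
    if len(nonce) != NONCE_LEN:
        raise ValueError("short read from RNG")
    return nonce


class Pledge:
    """Tracks the nonce of the single outstanding voucher request and accepts
    a voucher only when it carries exactly that nonce."""

    def __init__(self, rng=os.urandom):
        self._rng = rng
        self._pending = None  # nonce of the request awaiting a voucher

    def build_voucher_request(self) -> dict:
        """Start a new request; a fresh nonce invalidates any older voucher."""
        self._pending = generate_nonce(self._rng)
        # Constructed stand-in for the voucher-request fields; only the nonce
        # matters for the replay check shown here.
        return {"nonce": self._pending}

    def accept_voucher(self, voucher: dict) -> bool:
        """Return True once for the voucher matching the pending nonce.
        A replayed or stale voucher (different or already-consumed nonce)
        is rejected; the comparison is constant-time."""
        if self._pending is None:
            return False
        ok = hmac.compare_digest(voucher.get("nonce", b""), self._pending)
        if ok:
            self._pending = None  # consume the nonce so a replay fails
        return ok
```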
