On 16. Feb 2021, at 18:59, Michael Richardson <[email protected]> wrote: > > I was really annoyed with ECDSA until the deterministic version came to > light, and I really don't want to go back.
For environments with questionable random number generators, going from full reliance on that randomness to deterministic certainly was progress. We certainly don’t want to go back on that for IoT applications. But we can’t ignore the attacks that have become possible by deterministic processing. So adding back in some randomness, without again fully relying on that, seems to be the way to go in the future. That is what the security considerations could say. Grüße, Carsten _______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
