On Wed, Aug 21, 2019 at 05:55:44PM -0400, David Benjamin wrote: > On Wed, Aug 14, 2019 at 4:09 AM Francis Dupont <francis.dup...@fdupont.fr> > wrote: > > > - 5 page 7: I have a concern about your use of the term random. In fact > > even it is a security document here random is just plain English > > (vs any crypto meaning). Constraints seems to be: > > * coverage: the set of used values should not be small > > * privacy: fingerprinting should not be easy > > I do not propose any solution: just follow recommendations of > > the security directorate in the case this point is a problem. > > > > Ack. +Benjamin Kaduk <ka...@mit.edu>, do you have preferences on this? I > don't think the requirements on "random" are particularly strong, so I > don't know if we should prescribe cryptographic randomness. At the same > time, it is perhaps odd to just say "random".
I think it's okay to just say "random" here. There's no harm if someone chooses to use cryptographic randomness, but it's also okay to make a predictable choice (by using poor-quality randomness to guide what is, in essence, an arbitrary selection). -Ben > My implementation just draws from the PRNG because it's easy, but if the > values are predictable, it doesn't expose user-fingerprinting surface, > which is the more important one. (User-fingerprinting would come more from > doing something stateful or user-specific.) It does expose > implementation-fingerprinting surface, but even sending GREASE does so too. > TLS is full of implementation decision and policy points (e.g. the entire > ClientHello), nearly every one of which contributes to the implementation > fingerprint. :-/ _______________________________________________ Gen-art mailing list Gen-art@ietf.org https://www.ietf.org/mailman/listinfo/gen-art