On Wed, Aug 21, 2019 at 05:55:44PM -0400, David Benjamin wrote:
> On Wed, Aug 14, 2019 at 4:09 AM Francis Dupont <francis.dup...@fdupont.fr>
> wrote:
> >  - 5 page 7: I have a concern about your use of the term random. In fact
> >   even it is a security document here random is just plain English
> >   (vs any crypto meaning). Constraints seems to be:
> >    * coverage: the set of used values should not be small
> >    * privacy: fingerprinting should not be easy
> >   I do not propose any solution: just follow recommendations of
> >   the security directorate in the case this point is a problem.
> >
> Ack. +Benjamin Kaduk <ka...@mit.edu>, do you have preferences on this? I
> don't think the requirements on "random" are particularly strong, so I
> don't know if we should prescribe cryptographic randomness. At the same
> time, it is perhaps odd to just say "random".

I think it's okay to just say "random" here.  There's no harm if someone
chooses to use cryptographic randomness, but it's also okay to make a
predictable choice (by using poor-quality randomness to guide what is, in
essence, an arbitrary selection).


> My implementation just draws from the PRNG because it's easy, but if the
> values are predictable, it doesn't expose user-fingerprinting surface,
> which is the more important one. (User-fingerprinting would come more from
> doing something stateful or user-specific.) It does expose
> implementation-fingerprinting surface, but even sending GREASE does so too.
> TLS is full of implementation decision and policy points (e.g. the entire
> ClientHello), nearly every one of which contributes to the implementation
> fingerprint. :-/

Gen-art mailing list

Reply via email to