On Tue, Jul 25, 2017 at 9:21 PM, Christian Huitema <huit...@huitema.net> wrote:
> ...
> Not sure. I am looking at the implementations of QUIC. QUIC needs its own
> set of random numbers for things like connection ID or initial sequence
> number. The most natural thing to do is to get them from the OS API,
> /dev/random or cryptogenrandom(), but that requires platform specific code...

Somewhat related (but OT for TLS-WG): According to the Linux Kernel
Crypto folks, you should not use /dev/random because it is a
deprecated interface. You should use /dev/urandom, and it has been
recommended for the last decade or so. Also see "[RFC PATCH v12 3/4]
Linux Random Number Generator" (https://lkml.org/lkml/2017/7/20/993)
on the kernel-crypto mailing list.

The BSDs, OS X, DragonFly, and others may be different. But for Linux
the advice is clear.

Jeff

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
