On Wed, Jul 08, 2026 at 12:11:48PM -0700, Christian Huitema wrote: > > Looking at the generic issue, I would have loved to find a more recent > reference than RFC 4086, Randomness Requirements for Security.
Yeah, me, too (and I have for a long time). That's why https://www.rfc-editor.org/info/rfc8446/#appendix-C.1 (which davidben linked earlier today) talks about "use an existing CSPRNG, like /dev/urandom" and only mentions RFC 4086 if such things are unsatisfactory. -Ben _______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
