On Mon 2016-01-25 14:10:13 -0500, Yoav Nir wrote:
>> On 25 Jan 2016, at 5:08 PM, Salz, Rich <rs...@akamai.com> wrote:
>>
>>> But any system running a TLS stack is already going to have a high quality
>>> entropy source for client/server randoms and IVs and such
>>
>> That's assuming a constraint that isn't accurate.
>
> Eh. Just s/is/should/

Remember that keys (whether in HSMs or not) can be moved between implementations. While it seems (hopefully) likely that most keys will usually be used with a TLS stack with a high-quality entropy source, it's also possible that the key gets used occasionally with some other, less sophisticated code or platform.

We should be pushing heavily for deterministic ECDSA, even though it's not something we can require via wire protocol at runtime.

--dkg
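
Added example, not part of the message above: a sketch of the RFC 6979 nonce derivation behind "deterministic ECDSA", showing that the per-signature nonce comes from the private key and the message hash rather than from the platform's entropy source. It assumes P-256 with SHA-256; the function and constant names are illustrative, and the sample key is the published test key from RFC 6979, Appendix A.2.5.

```python
import hashlib
import hmac

# NIST P-256 group order q (public curve parameter).
Q = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
QLEN = Q.bit_length()
RLEN = (QLEN + 7) // 8
# Published test private key from RFC 6979, Appendix A.2.5 (sample input only).
SAMPLE_KEY = 0xC9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721


def bits2int(data):
    """Big-endian bytes to integer, keeping only the leftmost QLEN bits."""
    value = int.from_bytes(data, "big")
    excess = len(data) * 8 - QLEN
    return value >> excess if excess > 0 else value


def int2octets(value):
    """Integer below q to a fixed-length big-endian byte string."""
    return value.to_bytes(RLEN, "big")


def bits2octets(data):
    """Hash output reduced modulo q, as a fixed-length byte string."""
    return int2octets(bits2int(data) % Q)


def deterministic_nonce(priv, message, hashfunc=hashlib.sha256):
    """Derive the ECDSA nonce k as in RFC 6979 section 3.2 (HMAC-based DRBG)."""
    h1 = hashfunc(message).digest()
    mac = lambda key, data: hmac.new(key, data, hashfunc).digest()
    seed = int2octets(priv) + bits2octets(h1)
    v = b"\x01" * len(h1)
    k = b"\x00" * len(h1)
    k = mac(k, v + b"\x00" + seed)
    v = mac(k, v)
    k = mac(k, v + b"\x01" + seed)
    v = mac(k, v)
    while True:
        t = b""
        while len(t) < RLEN:
            v = mac(k, v)
            t += v
        nonce = bits2int(t)
        if 1 <= nonce < Q:
            return nonce
        # Candidate out of range: update the DRBG state and try again.
        k = mac(k, v + b"\x00")
        v = mac(k, v)
```

Because the nonce is a function of key and message only, the same key signs safely on a platform with a poor random number generator, and two different messages never share a nonce.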