Hi, > On 29 Oct 2019, at 04:18, Benjamin Kaduk <ka...@mit.edu> wrote: > > I mean, we literally say "Reducing the possibility of this is why the > pledge is mandated to generate a strong random or pseudo-random number > nonce." So to also say "the nonce [...] does not require a strong > cryptographic randomness" seems to be in conflict with the former > statement. > Are you saying that "strong random" and "strong cryptographic random" mean > different things, or am I misreading the document in some other way?
I would just drop the statement. The whole point of the nonce is to prevent replay attacks, so why would we want to weaken that? Eliot
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ Anima mailing list Anima@ietf.org https://www.ietf.org/mailman/listinfo/anima