On Wed, Apr 2, 2014 at 7:57 AM, Donald Eastlake <[email protected]> wrote: > Hi, > > Yes, the "bad ideas" section of RFC 4086bis > (draft-eastlake-randomness3-00) seems like a good place to collect > additional things not to do. >
No. Do not enumerate badness. Instead model correct behavior. You will not be able to list all the ways someone can make a mistake, but you can explain a way to do things right. The current draft is also missing a discussion of the impact of fork and threading on random number generators, which can turn a perfectly working one into something utterly broken. Sincerely, Watson Ladd > I am planning to update that draft soon... > > Thanks, > Donald > ============================= > Donald E. Eastlake 3rd +1-508-333-2270 (cell) > 155 Beaver Street, Milford, MA 01757 USA > [email protected] > > > On Wed, Apr 2, 2014 at 10:24 AM, Sandy Harris <[email protected]> wrote: >> On Tue, Apr 1, 2014 at 1:10 PM, Stephen Farrell >> <[email protected]> wrote: >> >>> It seems like there's a lot of knowledge on that spread >>> about and if there was someone was willing and able maybe >>> an informational RFC about mistakes that have been made >>> and how implementers can avoid 'em might be useful. >> >> I think the old RFC 1750 and current 4086 pretty much cover that. >> https://tools.ietf.org/html/rfc4086 >> >> There has been mailing list discussion of an update to 4086, but >> I do not know how that is progressing. >> >>> Or maybe there's a survey paper out there somewhere >>> or thesis that already has a load of that material? >> >> At least two reference pages have been mentioned on >> various lists. I have looked at two and found both quite >> good. Unfortunately, I only recall one URL: >> http://www.av8n.com/computer/htm/secure-random.htm >> >> _______________________________________________ >> dsfjdssdfsd mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/dsfjdssdfsd > > _______________________________________________ > dsfjdssdfsd mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/dsfjdssdfsd -- "Those who would give up Essential Liberty to purchase a little Temporary Safety deserve neither Liberty nor Safety." -- Benjamin Franklin _______________________________________________ dsfjdssdfsd mailing list [email protected] https://www.ietf.org/mailman/listinfo/dsfjdssdfsd
