On Wed, Apr 2, 2014 at 11:18 AM, Watson Ladd <[email protected]> wrote:
> On Wed, Apr 2, 2014 at 7:57 AM, Donald Eastlake <[email protected]> wrote:
>> Hi,
>>
>> Yes, the "bad ideas" section of RFC 4086bis
>> (draft-eastlake-randomness3-00) seems like a good place to collect
>> additional things not to do.
>>
>
> No. Do not enumerate badness. Instead model correct behavior. You will

No, yourself.

We had this same discussion before RFC 1750 and before RFC 4086. I
would agree that it should emphasize the right thing to do more than
it emphasizes the wrong thing to do. And I'd be fine with relegating
what not to do to an appendix or something. But I'm not willing to
dump the information from the draft about what not to do.

> not be able to list all the ways someone can make a mistake, but you
> can explain a way to do things right. The current draft is also
> missing a discussion of the impact of fork and threading on random
> number generators, which can turn a perfectly working one into
> something utterly broken.

Yes, there are things missing that should be added.

Thanks,
Donald
=============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 155 Beaver Street, Milford, MA 01757 USA
 [email protected]

> Sincerely,
> Watson Ladd
>
>> I am planning to update that draft soon...
>>
>> Thanks,
>> Donald
>> =============================
>>  Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
>>  155 Beaver Street, Milford, MA 01757 USA
>>  [email protected]
>>
>>
>> On Wed, Apr 2, 2014 at 10:24 AM, Sandy Harris <[email protected]> wrote:
>>> On Tue, Apr 1, 2014 at 1:10 PM, Stephen Farrell
>>> <[email protected]> wrote:
>>>
>>>> It seems like there's a lot of knowledge on that spread
>>>> about and if there was someone willing and able maybe
>>>> an informational RFC about mistakes that have been made
>>>> and how implementers can avoid 'em might be useful.
>>>
>>> I think the old RFC 1750 and current 4086 pretty much cover that.
>>> https://tools.ietf.org/html/rfc4086
>>>
>>> There has been mailing list discussion of an update to 4086, but
>>> I do not know how that is progressing.
>>>
>>>> Or maybe there's a survey paper out there somewhere
>>>> or thesis that already has a load of that material?
>>>
>>> At least two reference pages have been mentioned on
>>> various lists. I have looked at two and found both quite
>>> good. Unfortunately, I only recall one URL:
>>> http://www.av8n.com/computer/htm/secure-random.htm
>>>
>>> _______________________________________________
>>> dsfjdssdfsd mailing list
>>> [email protected]
>>> https://www.ietf.org/mailman/listinfo/dsfjdssdfsd
>>
>
>
>
> --
> "Those who would give up Essential Liberty to purchase a little
> Temporary Safety deserve neither Liberty nor Safety."
> -- Benjamin Franklin
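
The fork problem raised in the thread, as an added example that is not part of the original messages or of the draft: a userspace generator seeded once from the kernel hands parent and child the same state after fork(), so both emit identical "random" bytes. The class names, the toy hash-counter construction and the PID-check mitigation are assumptions chosen for illustration (POSIX only).

```python
import hashlib
import os


class NaiveDRBG:
    """Toy hash-counter generator (illustration only, not a vetted DRBG)."""

    def __init__(self):
        self._reseed()

    def _reseed(self):
        self._key = os.urandom(32)      # seed taken from the kernel
        self._counter = 0
        self._pid = os.getpid()         # process that owns this state

    def next_bytes(self, n=16):
        self._counter += 1
        data = self._key + self._counter.to_bytes(8, "big")
        return hashlib.sha256(data).digest()[:n]


class ForkAwareDRBG(NaiveDRBG):
    """Same generator, but reseeds when it finds itself in a new process."""

    def next_bytes(self, n=16):
        if os.getpid() != self._pid:    # state was inherited across fork()
            self._reseed()
        return super().next_bytes(n)


def parent_and_child_output(gen):
    """Fork once; return (parent_bytes, child_bytes) drawn after the fork."""
    read_fd, write_fd = os.pipe()
    pid = os.fork()
    if pid == 0:                        # child: emit one output and exit
        os.close(read_fd)
        os.write(write_fd, gen.next_bytes())
        os._exit(0)
    os.close(write_fd)
    child = os.read(read_fd, 16)
    os.close(read_fd)
    os.waitpid(pid, 0)
    parent = gen.next_bytes()           # parent draws from its own copy
    return parent, child


if __name__ == "__main__":
    for cls in (NaiveDRBG, ForkAwareDRBG):
        p, c = parent_and_child_output(cls())
        print(f"{cls.__name__:14} parent={p.hex()} child={c.hex()} same={p == c}")
```

On Python 3.7 and later, `os.register_at_fork` can trigger the reseed in the child instead of comparing PIDs on every call.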
