Agreed Hannes and Esko.
For completeness, here is what the updated text looks like. It should cover what
we discussed in this thread.
~
5.8. Server-side Key Generation
In scenarios where it is desirable that the server generates the private key,
server-side key generation should be used
The draft is not recommending against RNGs in any way and hopefully there will
be no room for such misunderstandings in the updated text.
Panos
From: Ace On Behalf Of Damm, Benjamin
Sent: Wednesday, May 15, 2019 10:29 AM
To: Hannes Tschofenig; Paul Duffy (paduffy); ace@ietf.org
Subject: Re:
The point I'm making, Hannes, is that, though not so long ago the "cost"
for RNG was prohibitive for many constrained end-devices ... this is
more often no longer the case and improving every month (despite
whatever other security functions are packaged within the module).
On 5/14/2019 7:29 PM,
Low-throughput RNG should be a must for IoT. Certainly in our environment
devices that are unable to generate keys would be unacceptable. Hopefully we
won’t codify such an abomination in any protocol.
-Ben
Benjamin Damm
Cell: +1-415-297-5474
Web: https://Itron.com
_
My understanding of the use case for server generated keys is for existing,
deployed systems where the system can easily get a firmware update, but the
hardware TPM itself is unable/unwilling to generate new keys, and can't be
upgraded, but keys can be loaded.
Systems like Hannes' company produce