The main argument I see from the RFC for deterministic ECDSA is computing k on systems without high quality entropy sources. But any system running a TLS stack is already going to have a high quality entropy source for client/server randoms and IVs and such, so what's the benefit of deterministic ECDSA here?
-Jake M On Jan 23, 2016 11:13 AM, "Joseph Birr-Pixton" <jpix...@gmail.com> wrote: > Hi, > > I'd like to propose that TLS1.3 mandates RFC6979 deterministic ECDSA. > > For discussion, here's a pull request with possible language: > > https://github.com/tlswg/tls13-spec/pull/406 > > Cheers, > Joe > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
