Last Call Review of draft-ietf-tsvwg-tinymt32-01
review-ietf-tsvwg-tinymt32-01-secdir-lc-wallace-2019-05-23-00
Request | Review of | draft-ietf-tsvwg-tinymt32 |
---|---|---|
Requested revision | No specific revision (document currently at 06) | |
Type | Last Call Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2019-05-13 | |
Requested | 2019-04-29 | |
Authors | Mutsuo Saito , Makoto Matsumoto , Vincent Roca , Emmanuel Baccelli | |
I-D last updated | 2019-05-23 | |
Completed reviews |
Genart Last Call review of -01
by Stewart Bryant
(diff)
Secdir Last Call review of -01 by Carl Wallace (diff) |
|
Assignment | Reviewer | Carl Wallace |
State | Completed | |
Request | Last Call review on draft-ietf-tsvwg-tinymt32 by Security Area Directorate Assigned | |
Posted at | https://mailarchive.ietf.org/arch/msg/secdir/4ulExCiIlWNx1iREJEtyhqCVJfc | |
Reviewed revision | 01 (document currently at 06) | |
Result | Has issues | |
Completed | 2019-05-23 |
review-ietf-tsvwg-tinymt32-01-secdir-lc-wallace-2019-05-23-00
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This document describes the TinyMT32 Pseudo Random Number Generator (PRNG) that produces 32-bit pseudo-random unsigned integers and aims at having a simple-to-use and deterministic solution. The document is well written and the sample code produces the sample output. I am not a mathematician so no comments on the mechanism. I have a few minor nits/comments. The security considerations may benefit from repeating the last sentence of the fourth paragraph in the introduction (I.e., not 'meant to be used for cryptographic applications'). The bibliography should include all of the references cited in the draft. Adding some text or references to expand on the mentioned limitations of RFC5170 or to describe how the parameter set from which the parameters selected in this draft would be nice as well.