RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

RFC 4086, "Randomness Requirements for Security", June 2005

Source of RFC: IETF - NON WORKING GROUP
Area Assignment: sec

Errata ID: 3106
Status: Rejected
Type: Technical

Reported By: Florian Weimer
Date Reported: 2012-02-05
Rejected by: Sean Turner
Date Rejected: 2012-05-06

Section 4.4 says:

(see below)

It should say:

(remove entire section)

Notes:

Compression is not suitable for de-skewing, even if headers are removed. For most compression algorithms, discriminators are known. For instance, in gzip output, the most significant bit of each byte is set with a frequency somewhat above 0.501 (except for small inputs). This means that the output is not uniformly distributed even when looking at isolated bytes.

I recommend removal of the entire section.
--VERIFIER NOTES--
I agree with the author:

Just to be crystal clear, I believe there is no "error" here. Just a
judgement call as to whether Section 4.4 should have been included. My
judgement that it should be included was ratified by the IETF at the
time the RFC was approved.

Report New Errata