Last Call Review of draft-ietf-tsvwg-tinymt32-01
review-ietf-tsvwg-tinymt32-01-secdir-lc-wallace-2019-05-23-00

Request Review of draft-ietf-tsvwg-tinymt32
Requested rev. no specific revision (document currently at 06)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2019-05-13
Requested 2019-04-29
Authors Mutsuo Saito, Makoto Matsumoto, Vincent Roca, Emmanuel Baccelli
Draft last updated 2019-05-23
Completed reviews Genart Last Call review of -01 by Stewart Bryant (diff)
Secdir Last Call review of -01 by Carl Wallace (diff)
Assignment Reviewer Carl Wallace
State Completed
Review review-ietf-tsvwg-tinymt32-01-secdir-lc-wallace-2019-05-23
Posted at https://mailarchive.ietf.org/arch/msg/secdir/4ulExCiIlWNx1iREJEtyhqCVJfc
Reviewed rev. 01 (document currently at 06)
Review result Has Issues
Review completed: 2019-05-23

Review
review-ietf-tsvwg-tinymt32-01-secdir-lc-wallace-2019-05-23

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security area
directors.  Document editors and WG chairs should treat these comments
just like any other last call comments.

This document describes the TinyMT32 Pseudo Random Number Generator (PRNG)
that produces 32-bit pseudo-random unsigned integers and aims at having a
simple-to-use and deterministic solution. The document is well written and
the sample code produces the sample output. I am not a mathematician so no
comments on the mechanism. I have a few minor nits/comments. The security
considerations may benefit from repeating the last sentence of the fourth
paragraph in the introduction (I.e., not 'meant to be used for
cryptographic applications'). The bibliography should include all of the
references cited in the draft. Adding some text or references to expand on
the mentioned limitations of RFC5170 or to describe how the parameter set
from which the parameters selected in this draft would be nice as well.