- From: Martin Thomson <mt@lowentropy.net>
- Date: Mon, 30 Jun 2025 10:43:25 +1000
- To: ietf-http-wg@w3.org
On Sat, Jun 28, 2025, at 04:00, Robert Rothenberg wrote: > Looking at RFC 6455 on WebSockets, it says > > > The value of this header field MUST be a nonce consisting of a > randomly selected 16-byte value that has been base64-encoded (see > Section 4 of [RFC4648]). The nonce MUST be selected randomly for each > connection. > > I am assuming this should use a CSPRNG to generate the random bytes. But > as far as I can tell, there is nothing in the RFC that explicitly says > that about this field. > > Does it matter how those bytes are generated, or was this an oversight? "selected randomly" says all that is necessary. Generally, the true requirement is that the value be unpredictable to some group. In this case, it needs to be unpredictable to the entity that receives the request (i.e., just like the masking you cite), so that it cannot rely on pregenerated responses. So a CSPRNG would be acceptable. As would a PRG, provided that it is seeded with something that the recipient also cannot predict.
Received on Monday, 30 June 2025 00:43:51 UTC