Hacker News

I quoted the authors saying "'Cryptographic parity' is not a common phrase among cryptographers. It is not defined in the document, and its intended meaning is highly unclear." What was written by NSA that was clearer, then? Link or quote? If it's "the randomness in a crypto transport had to be of arbitrary length, contributed both by client and server, and tied to keying", then it's just a somehow rephrased "the public randomness for each side should be at least twice as long as the security level", which I (and the article authors before me) also quoted as a DoD excuse.


I don't care what NSA's rationale for extended-random is. You're still discussing this as if extended-random was an attempt to change the version of TLS that you and I use. It was not. It was so much not that, that the primary objection to it in the TLS-WG is that the extension worked in such a way that it made an end-run around the TLS standards process (in allocating extension numbers) in order to avoid being standardized for normal TLS. Because its authors didn't expect us to use it.

Bernstein cavalierly mentions Rescorla in this paper, but never provides the additional color that Rescorla himself on the mailing list said he had no idea why the extension needed to exist, and did not understand its parameters.

Rescorla is an extremely sharp person. Do you think he thought, "I don't understand this extension, but NSA says it's important, so we'll all use it?" Of course he didn't.


And I likewise don't care about Rescorla; I've never mentioned him in this discussion and I don't know why you bring him up in this thread. I see that Bernstein mentions him, but I really haven't.

It's obvious that DoD guys managed to add to the standard texts (most of the people reading would never know that it should be ignored; the text is there among all the other important texts) the mode in which enough output of the RNG will be part of the initial communication. Step 2, "now just implement it, here's the link", maybe hasn't occurred this time, but it was almost a kind of backdoor entry to the standardization process. I can imagine that even if it wasn't really successful under your criteria, the DoD guy who managed to push it even that far could have been promoted. Or if somebody outside was involved with such a goal, they could have received nice fees ("see, it's there, looks like the text of the standard, quacks like the text of the standard..."). Exactly like this discussion we have now: I can easily quote the text of that proposal (it's easy to Google it) and "it looks legit" (heh), but I honestly have no idea how I'd even find what was written in the relevant mailing lists at that time (or, even more honestly, I know that I'd probably find it when spending more time than I'd like to spend, so I prefer just communicating, like most of the potential "targets"). For completeness, even if you already wrote what you consider important, I'd surely welcome your links to the relevant posts you mention.
