
What is "verifiably at random"??? (Was RE: I-D Action:draft-ietf-pkix-ecc-subpubkeyinfo-00.txt)
Section 2.1.1.2.1 of the new ECC I-D states:

   If version is ecdpVer2, then the curve and the base point
   G shall be generated verifiably at random, and curve.seed
   shall be present.

It seems quite peculiar to say that a value is generated "at random"
when the value has zero entropy (as is the case when a curve and base
point are generated by hashing a seed and the value of the seed is
known).  That's almost as peculiar as claiming that the well-known
constant PI is random.


RFC 3797 Section 3 states:

   The crux of the unbiased nature of the selection is that it is based
   in an exact, predetermined fashion on random information which will
   be revealed in the future and thus can not be known to the person
   specifying the algorithm.

Unlike RFC 3797, the ECC I-D contains no recommendations concerning the
selection of random (unpredictable) values of curve.seed.  A CA that
wishes to manipulate the values of curve and G may have some
computational effort to determine a seed, but computation is possible
assuming that the pool of suitable manipulated values is not too sparse.

Please replace the phrase "generated verifiably at random" with
something like "generated deterministically" that does not imply that
there is some entropy/unpredictability involved in the process.