<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=iso-2022-jp"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"MS Gothic";
panose-1:2 11 6 9 7 2 5 8 2 4;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"MS PGothic";
panose-1:0 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Cambria-Bold;}
@font-face
{font-family:Cambria-BoldItalic;}
@font-face
{font-family:Cambria;
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
@font-face
{font-family:"\@MS Gothic";
panose-1:2 11 6 9 7 2 5 8 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:JA;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"MS Gothic",serif;
mso-fareast-language:JA;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"MS PGothic",serif;
mso-fareast-language:JA;}
p.line867, li.line867, div.line867
{mso-style-name:line867;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;
mso-fareast-language:JA;}
p.line874, li.line874, div.line874
{mso-style-name:line874;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;
mso-fareast-language:JA;}
span.EmailStyle20
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle21
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
mso-fareast-language:JA;}
span.EmailStyle25
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link="#0563C1" vlink="#954F72"><div class=WordSection1><p class=MsoNormal><span style='mso-fareast-language:EN-US'>April 1 is just a placeholder - because this is a pre-ballot, the actual date will depend on the feedback we receive. I think nearly all CA systems already do this. Who doesn�$B!G�(Bt do this yet? That�$B!G�(Bs what we need to find out.<o:p></o:p></span></p><p class=MsoNormal><a name="_MailEndCompose"><span style='mso-fareast-language:EN-US'><o:p> </o:p></span></a></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b>From:</b> public-bounces@cabforum.org [mailto:public-bounces@cabforum.org] <b>On Behalf Of </b>kirk_hall@trendmicro.com<br><b>Sent:</b> Saturday, February 27, 2016 11:31 AM<br><b>To:</b> CABFPub <public@cabforum.org><br><b>Subject:</b> Re: [cabfpub] Pre-Ballot 164 - Certificate Serial Number Entropy<o:p></o:p></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>For clarity, I pasted in current BR 7.1 below. Later sections of Sec. 7.1 refer separately to Root Certificates, Subordinate CA Certificates, and Subscriber Certificates (Sec. 7.1.2.1 through 7.1.2.3). So this proposal would apply to all three categories of certificates, correct? <o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal>If we adopt this, instead of starting �$B!H�(BEffective April 1, 2016 ***�$B!I�(B maybe we should say �$B!H�(BFor certificates generated on or after April 1, 2016 ***�$B!I�(B to make it clear that certificates generated before that date do not need to be reissued. Also, is April 1 a little close for people to change their systems?<o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal style='text-autospace:none'><b><span style='font-size:12.0pt;font-family:Cambria-Bold'>7. CERTIFICATE, CRL, AND OCSP PROFILES</span></b><o:p></o:p></p><p class=MsoNormal style='text-autospace:none'><b><span style='font-size:12.0pt;font-family:Cambria-Bold'> </span></b><o:p></o:p></p><p class=MsoNormal style='text-autospace:none'><b><i><span style='font-size:12.0pt;font-family:Cambria-BoldItalic'>7.1. CERTIFICATE PROFILE</span></i></b><o:p></o:p></p><p class=MsoNormal style='text-autospace:none'><b><i><span style='font-size:12.0pt;font-family:Cambria-BoldItalic'> </span></i></b><o:p></o:p></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Cambria",serif'>The CA SHALL meet the technical requirements set forth in Section 2.2 – Publication of Information, Section 6.1.5– Key Sizes, and Section 6.1.6 – Public Key Parameters Generation and Quality Checking. CAs SHOULD generate non�$B!>�(Bsequential Certificate serial numbers that exhibit at least 20 bits of entropy.</span><o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b>From:</b> <a href="mailto:public-bounces@cabforum.org">public-bounces@cabforum.org</a> [<a href="mailto:public-bounces@cabforum.org">mailto:public-bounces@cabforum.org</a>] <b>On Behalf Of </b>Ben Wilson<br><b>Sent:</b> Friday, February 26, 2016 1:50 PM<br><b>To:</b> CABFPub<br><b>Subject:</b> [cabfpub] Pre-Ballot 164 - Certificate Serial Number Entropy<o:p></o:p></p></div></div><p class=MsoNormal> <o:p></o:p></p><p class=line867><strong><span style='font-weight:normal'>For discussion:</span></strong><o:p></o:p></p><p class=line867><strong>Pre-Ballot 164 - Certificate Serial Number Entropy</strong> <o:p></o:p></p><p class=line874>-- Motion Begins -- <o:p></o:p></p><p class=line874>In Section 7.1 of the Baseline Requirements, <o:p></o:p></p><p class=line874>REPLACE <o:p></o:p></p><p class=line874>"CAs SHOULD generate non-sequential Certificate serial numbers that exhibit at least 20 bits of entropy" <o:p></o:p></p><p class=line874>WITH <o:p></o:p></p><p class=line874>"Effective April 1, 2016, CAs SHALL use a Certificate serialNumber greater than zero (0) that contains at least 64 unpredictable bits." <o:p></o:p></p><p class=line874>-- Motion Ends -- <o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><table class=MsoNormalTable border=0 cellspacing=5 cellpadding=0><tr><td style='background:white;padding:.75pt .75pt .75pt .75pt'><table class=MsoNormalTable border=0 cellspacing=5 cellpadding=0><tr><td style='padding:.75pt .75pt .75pt .75pt'><pre><o:p> </o:p></pre><pre>TREND MICRO EMAIL NOTICE<o:p></o:p></pre><pre>The information contained in this email and any attachments is confidential <o:p></o:p></pre><pre>and may be subject to copyright or other intellectual property protection. <o:p></o:p></pre><pre>If you are not the intended recipient, you are not authorized to use or <o:p></o:p></pre><pre>disclose this information, and we request that you notify us by reply mail or<o:p></o:p></pre><pre>telephone and delete the original message from your mail system.<o:p></o:p></pre></td></tr></table></td></tr></table><p class=MsoNormal><span style='font-size:12.0pt;font-family:"MS PGothic",serif'><o:p> </o:p></span></p></div></body></html>