
<html>


<head>


<meta http-equiv="Content-Type" content="text/html; charset=utf-8">


</head>


<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">


Hi, 


<div class=""><br class="">


</div>


<div class="">The current requirement was part of root program conditions already before first version of BR-s were published and could be taken as a requirement while developing or purchasing the CA software. As the vendor claimed compliance, we believe to


 be compliant.<br class="">


Changing to 64 bits may or may not make a difference - we have to check with the vendor. Adding some other restrictions on the types of acceptable RNGs is another change in requirements that may or may not make a difference.<br class="">


We also have to check with the auditors about what evidence they would like to see to believe that long enough seemingly random number comes from an acceptable source.<br class="">


<br class="">


But the question is more general - to which level you expect a CA to have control over the software it is using and to which level auditors should have access to it? </div>


<div class=""><br class="">


</div>


<div class=""><br class="">


<div apple-content-edited="true" class="">Best regards,</div>


<div apple-content-edited="true" class=""><br class="">


Eneli Kirme<br class="">


<br class="">


</div>


<br class="">


<div>


<blockquote type="cite" class="">


<div class="">On 28 Apr 2016, at 08:44, Ryan Sleevi <<a href="mailto:sleevi@google.com" class="">sleevi@google.com</a>> wrote:</div>


<br class="Apple-interchange-newline">


<div class="">


<p dir="ltr" class="">How do you comply with the existing requirement for 20 bits? Do you believe 64 bits would be different?</p>


<div class="gmail_quote">On Apr 27, 2016 10:29 PM, "Eneli Kirme" <<a href="mailto:Eneli.Kirme@sk.ee" class="">Eneli.Kirme@sk.ee</a>> wrote:<br type="attribution" class="">


<blockquote class="quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">


<div style="word-wrap:break-word" class="">Dear all, 


<div class=""><br class="">


</div>


<div class="">SK has a question about this proposal: how it is supposed to be described in CPS and audited?<br class="">


<br class="">


Today there are no requirements for a CA to develop its own software or have access to the source of the used certificate-generation software. The users guide most probably doesn’t state exact details about the method used to generate non-sequential serial


 numbers.<br class="">


<br class="">


For the same reason we are a bit worried about the proposed short time to comply. A CA using commercially available software might not be able to get the new feature quickly enough because the CA software vendors are not obliged to follow neither BR-s nor the


 discussions here.<br class="">


<div class=""><br class="">


</div>


<div class=""><br class="">


</div>


<div class="">Best regards, </div>


<font color="#888888" class="">


<div class=""><br class="">


Eneli Kirme<br class="">


AS Sertifitseerimiskeskus/SK </div>


</font>


<div class="elided-text"><br class="">


<div class="">


<blockquote type="cite" class="">


<div class="">On 26 Apr 2016, at 17:56, Ben Wilson <<a href="mailto:Ben.Wilson@digicert.com" target="_blank" class="">Ben.Wilson@digicert.com</a>> wrote:</div>


<br class="">


<div class="">


<div style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px" class="">


<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif" class="">


<span style="font-size:11pt;font-family:Calibri,sans-serif" class="">What about,<u class=""></u><u class=""></u></span></div>


<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif" class="">


<span style="font-size:11pt;font-family:Calibri,sans-serif" class=""> </span></div>


<div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif" class="">


"For certificates having a notBefore date after 1 July 2016, CAs SHALL use a Certificate serialNumber greater than zero (0) that exhibits at least 64 bits of entropy (i.e. randomness or unpredictability)."<u class=""></u><u class=""></u></div>


<div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif" class="">


<u class=""></u> <u class=""></u></div>


<div style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif" class="">


?<u class=""></u><u class=""></u></div>


<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif" class="">


<a name="m_7309351825654856802__MailEndCompose" class=""><span style="font-size:11pt;font-family:Calibri,sans-serif" class=""> </span></a></div>


<span class=""></span>


<div class="">


<div style="border-style:solid none none;border-top-color:rgb(225,225,225);border-top-width:1pt;padding:3pt 0in 0in" class="">


<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif" class="">


<b class=""><span style="font-size:11pt;font-family:Calibri,sans-serif" class="">From:</span></b><span style="font-size:11pt;font-family:Calibri,sans-serif" class=""><span class=""> </span>Erwann Abalea [<a href="mailto:Erwann.Abalea@docusign.com" target="_blank" class="">mailto:Erwann.Abalea@docusign.com</a>]<span class=""> </span><br class="">


<b class="">Sent:</b><span class=""> </span>Tuesday, April 26, 2016 2:47 AM<br class="">


<b class="">To:</b><span class=""> </span>Tim Hollebeek <<a href="mailto:THollebeek@trustwave.com" target="_blank" class="">THollebeek@trustwave.com</a>><br class="">


<b class="">Cc:</b><span class=""> </span>Ryan Sleevi <<a href="mailto:sleevi@google.com" target="_blank" class="">sleevi@google.com</a>>; Ben Wilson <<a href="mailto:ben.wilson@digicert.com" target="_blank" class="">ben.wilson@digicert.com</a>>; CABFPub <<a href="mailto:public@cabforum.org" target="_blank" class="">public@cabforum.org</a>><br class="">


<b class="">Subject:</b><span class=""> </span>Re: [cabfpub] Pre-Ballot 164 - Certificate Serial Number Entropy<u class=""></u><u class=""></u></span></div>


</div>


</div>


<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif" class="">


<u class=""></u> <u class=""></u></div>


<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif" class="">


That’s a good start :)<span class=""> </span><u class=""></u><u class=""></u></div>


<div class="">


<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif" class="">


<u class=""></u> <u class=""></u></div>


</div>


<div class="">


<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif" class="">


I find it unfortunate that we need to define in BRs what a CSPRNG is, though.<u class=""></u><u class=""></u></div>


</div>


<div class="">


<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif" class="">


<u class=""></u> <u class=""></u></div>


<div class="">


<div class="">


<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif" class="">


Cordialement,<u class=""></u><u class=""></u></div>


</div>


<div class="">


<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif" class="">


Erwann Abalea<u class=""></u><u class=""></u></div>


</div>


</div>


<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif" class="">


<u class=""></u> <u class=""></u></div>


<div class="">


<blockquote style="margin-top:5pt;margin-bottom:5pt" class="">


<div class="">


<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif" class="">


Le 19 avr. 2016 à 16:01, Tim Hollebeek <<a href="mailto:THollebeek@trustwave.com" style="color:purple;text-decoration:underline" target="_blank" class="">THollebeek@trustwave.com</a>> a écrit :<u class=""></u><u class=""></u></div>


</div>


<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif" class="">


<u class=""></u> <u class=""></u></div>


<div class="">


<div class="">


<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif" class="">


<span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)" class="">This is actually a pet peeve of mine that I’d like to fix, though unfortunately it is hard to fix.  One of the first security projects I was ever involved in involved


 exploiting bad random number generators to predict who would win a poker hand based on just your own hole cards and the flop (</span><a href="https://www.cigital.com/papers/download/developer_gambling.php" style="color:purple;text-decoration:underline" target="_blank" class=""><span style="font-size:11pt;font-family:Calibri,sans-serif" class="">https://www.cigital.com/papers/download/developer_gambling.php</span></a><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)" class="">).</span><u class=""></u><u class=""></u></div>


<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif" class="">


<span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)" class=""> </span><u class=""></u><u class=""></u></div>


<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif" class="">


<span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)" class="">Various security standards have tried with varying degrees of success to describe entropy requirements with generally poor results.  A first stab is:</span><u class=""></u><u class=""></u></div>


<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif" class="">


<span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)" class=""> </span><u class=""></u><u class=""></u></div>


<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif" class="">


<span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)" class="">---</span><u class=""></u><u class=""></u></div>


<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif" class="">


<span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)" class="">A blah blah blah (serial number, challenge, etc) must be generated using at least N bits from a cryptographically strong pseudorandom number generator.</span><u class=""></u><u class=""></u></div>


<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif" class="">


<span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)" class=""> </span><u class=""></u><u class=""></u></div>


<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif" class="">


<span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)" class="">Definition (Cryptographically strong pseudorandom number generator): An algorithm that uses cryptographic functions to generate pseudorandom numbers that cannot be predicted


 by anyone who does not have knowledge of the internal data describing the current state of the generator.</span><u class=""></u><u class=""></u></div>


<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif" class="">


<span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)" class="">---</span><u class=""></u><u class=""></u></div>


<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif" class="">


<span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)" class=""> </span><u class=""></u><u class=""></u></div>


<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif" class="">


<span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)" class="">It’s not perfect, because you can use cryptographic functions and still build a bad PRNG (hello NSA!), but at least it rules out all the really bad ones like rand() that


 don’t use any cryptographic functions at all, and should allow all existing and future secure PRNGs.</span><u class=""></u><u class=""></u></div>


<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif" class="">


<span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)" class=""> </span><u class=""></u><u class=""></u></div>


<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif" class="">


<span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)" class="">-Tim</span><u class=""></u><u class=""></u></div>


<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif" class="">


<span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)" class=""> </span><u class=""></u><u class=""></u></div>


<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif" class="">


<b class=""><span style="font-size:10pt;font-family:Tahoma,sans-serif" class="">From:</span></b><span style="font-size:10pt;font-family:Tahoma,sans-serif" class=""> </span><a href="mailto:public-bounces@cabforum.org" style="color:purple;text-decoration:underline" target="_blank" class=""><span style="font-size:10pt;font-family:Tahoma,sans-serif" class="">public-bounces@cabforum.org</span></a><span style="font-size:10pt;font-family:Tahoma,sans-serif" class=""><span class=""> </span>[</span><a href="mailto:public-bounces@cabforum.org" style="color:purple;text-decoration:underline" target="_blank" class=""><span style="font-size:10pt;font-family:Tahoma,sans-serif" class="">mailto:public-bounces@cabforum.org</span></a><span style="font-size:10pt;font-family:Tahoma,sans-serif" class="">]<span class=""> </span><b class="">On


 Behalf Of<span class=""> </span></b>Ryan Sleevi<br class="">


<b class="">Sent:</b><span class=""> </span>Tuesday, April 19, 2016 9:42 AM<br class="">


<b class="">To:</b><span class=""> </span>Ben Wilson<br class="">


<b class="">Cc:</b><span class=""> </span>CABFPub<br class="">


<b class="">Subject:</b><span class=""> </span>Re: [cabfpub] Pre-Ballot 164 - Certificate Serial Number Entropy</span><u class=""></u><u class=""></u></div>


<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif" class="">


 <u class=""></u><u class=""></u></div>


<div class="">


<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif" class="">


Ben, is there any thought further on 'unpredictable bits'?<u class=""></u><u class=""></u></div>


<div class="">


<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif" class="">


 <u class=""></u><u class=""></u></div>


</div>


<div class="">


<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif" class="">


While I realize Richard disagreed, I do think it creates a possibility for a CA to argue that they're using unpredictable bits from, say, a Microsoft GUID generator, but such bits are not unpredictable. My hope would be to provide objective and unambiguous


 criteria, since, as we've seen from this discussion, 'unpredictable bits' and 'entropy' seem to cause some confusion.<u class=""></u><u class=""></u></div>


</div>


</div>


<div class="">


<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif" class="">


 <u class=""></u><u class=""></u></div>


<div class="">


<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif" class="">


On Tue, Apr 19, 2016 at 6:24 AM, Ben Wilson <<a href="mailto:ben.wilson@digicert.com" style="color:purple;text-decoration:underline" target="_blank" class="">ben.wilson@digicert.com</a>> wrote:<u class=""></u><u class=""></u></div>


<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif" class="">


Then I'll move forward with the  ballot if we have two endorsers.<br class="">


<br class="">


<span class="">-----Original Message-----</span><br class="">


<span class="">From: Peter Bowen [mailto:</span><a href="mailto:pzb@amzn.com" style="color:purple;text-decoration:underline" target="_blank" class="">pzb@amzn.com</a><span class="">]</span><br class="">


<span class="">Sent: Monday, April 18, 2016 9:16 PM</span><br class="">


<span class="">To: Ben Wilson <</span><a href="mailto:ben.wilson@digicert.com" style="color:purple;text-decoration:underline" target="_blank" class="">ben.wilson@digicert.com</a><span class="">></span><u class=""></u><u class=""></u></div>


<div class="">


<div class="">


<p class="MsoNormal" style="margin:0in 0in 12pt;font-size:12pt;font-family:'Times New Roman',serif">


Cc: CABFPub <<a href="mailto:public@cabforum.org" style="color:purple;text-decoration:underline" target="_blank" class="">public@cabforum.org</a>><br class="">


Subject: Re: [cabfpub] Pre-Ballot 164 - Certificate Serial Number Entropy<br class="">


<br class="">


I looked at certificates across all CT logs that had notBefore dates in March 2016.  Only 549 unique certificates had more than 20 bits but less than 61 bits in the serial number.  They were spread among many CAs.  >From the looks of it, I’m guessing that some


 CAs using a random number between 0 and N (probably 2^64 or 2^128) and some percentage of the time the value chosen is less than 2^61.  I used 2^61 as that is 16 hex digits which is a good approximation of 64-bits.<br class="">


<br class="">


So, I would say that almost everyone is using at least 64-bit serial numbers already.<br class="">


<br class="">


> On Apr 18, 2016, at 3:45 PM, Ben Wilson <<a href="mailto:ben.wilson@digicert.com" style="color:purple;text-decoration:underline" target="_blank" class="">ben.wilson@digicert.com</a>> wrote:<br class="">


><br class="">


> On the cablint report for the 20 bits of entropy,<span class=""> </span><a href="http://scanmail.trustwave.com/?c=4062&d=_7WW1-Xsik0C2oQr-Abmw1rpiv0FhB9gtfVo4c10-Q&s=5&u=https%3a%2f%2fcrt%2esh%2f%3fcablint%3d38" style="color:purple;text-decoration:underline" target="_blank" class="">https://crt.sh/?cablint=38</a>,


 there  are 20 certificates that were listed.  If this changes to 64 bits, how many more certificates will be on the list?<br class="">


><br class="">


> From:<span class=""> </span><a href="mailto:public-bounces@cabforum.org" style="color:purple;text-decoration:underline" target="_blank" class="">public-bounces@cabforum.org</a><span class=""> </span>[mailto:<a href="mailto:public-bounces@cabforum.org" style="color:purple;text-decoration:underline" target="_blank" class="">public-bounces@cabforum.org</a>]


 On Behalf Of Ben Wilson<br class="">


> Sent: Monday, April 18, 2016 10:25 AM<br class="">


> To: CABFPub <<a href="mailto:public@cabforum.org" style="color:purple;text-decoration:underline" target="_blank" class="">public@cabforum.org</a>><br class="">


> Subject: [cabfpub] FW: Pre-Ballot 164 - Certificate Serial Number Entropy<br class="">


><br class="">


> Forwarding<br class="">


><br class="">


> From: Kane York [mailto:<a href="mailto:kanepyork@gmail.com" style="color:purple;text-decoration:underline" target="_blank" class="">kanepyork@gmail.com</a>]<br class="">


> Sent: Monday, April 18, 2016 10:23 AM<br class="">


> To: Ben Wilson <<a href="mailto:ben.wilson@digicert.com" style="color:purple;text-decoration:underline" target="_blank" class="">ben.wilson@digicert.com</a>>; Erwann Abalea <<a href="mailto:Erwann.Abalea@docusign.com" style="color:purple;text-decoration:underline" target="_blank" class="">Erwann.Abalea@docusign.com</a>><br class="">


> Cc:<span class=""> </span><a href="mailto:questions@cabforum.org" style="color:purple;text-decoration:underline" target="_blank" class="">questions@cabforum.org</a><br class="">


> Subject: Re: [cabfpub] Pre-Ballot 164 - Certificate Serial Number Entropy<br class="">


><br class="">


><br class="">


> On Fri, Apr 15, 2016 at 7:52 AM Ben Wilson <<a href="mailto:ben.wilson@digicert.com" style="color:purple;text-decoration:underline" target="_blank" class="">ben.wilson@digicert.com</a>> wrote:<br class="">


> I didn’t think it was that simple.  For instance, see<span class=""> </span><a href="http://scanmail.trustwave.com/?c=4062&d=_7WW1-Xsik0C2oQr-Abmw1rpiv0FhB9gtfZt5Zwiog&s=5&u=https%3a%2f%2fen%2ewikipedia%2eorg%2fwiki%2fPassword%5fstrength" style="color:purple;text-decoration:underline" target="_blank" class="">https://en.wikipedia.org/wiki/Password_strength</a><br class="">


><br class="">


> From: Erwann Abalea [mailto:<a href="mailto:Erwann.Abalea@docusign.com" style="color:purple;text-decoration:underline" target="_blank" class="">Erwann.Abalea@docusign.com</a>]<br class="">


> Sent: Friday, April 15, 2016 8:44 AM<br class="">


> To: Ben Wilson <<a href="mailto:ben.wilson@digicert.com" style="color:purple;text-decoration:underline" target="_blank" class="">ben.wilson@digicert.com</a>><br class="">


> Cc: CABFPub <<a href="mailto:public@cabforum.org" style="color:purple;text-decoration:underline" target="_blank" class="">public@cabforum.org</a>><br class="">


><br class="">


> Subject: Re: [cabfpub] Pre-Ballot 164 - Certificate Serial Number Entropy<br class="">


><br class="">


> Bonjour,<br class="">


><br class="">


> 20 bits of entropy is the same as 20 bits unpredictable bits.<br class="">


><br class="">


> Whence, 64 bits of entropy is a higher requirement than 20 bits of entropy.<br class="">


><br class="">


> Cordialement,<br class="">


> Erwann Abalea<br class="">


><br class="">


> No, it definitely is that simple.<br class="">


><br class="">


> I think the confusion here is the definition of "hex characters".<br class="">


><br class="">


> > Our CA issues certificates with 32 hexadecimal characters for the serial number.<br class="">


><br class="">


> This is not possible - you cannot have 32 ASCII characters in the serial number.<br class="">


> The most likely truth given that explanation is that you have 16 fully random bytes. Which would be 16 * 8 = 128 random bits, satisfying the entropy requirements.<br class="">


><br class="">


> 3 fully random bytes would satisfy the 20-bit requirement.<br class="">


> 6 fully random hexadecimal ASCII characters encoded in the serial number would satisfy the 20-bit requirement.<br class="">


><br class="">


> 8 fully random bytes is required to satisfy the 64-bit requirement.<br class="">


> 16 bytes with 4 bits of entropy each, which ASCII-encoded hexadecimal would be, would satisfy the entropy requirement and leave you 3.875 bytes left over for other information.<br class="">


><br class="">


><br class="">


> Le 15 avr. 2016 à 16:32, Ben Wilson <<a href="mailto:ben.wilson@digicert.com" style="color:purple;text-decoration:underline" target="_blank" class="">ben.wilson@digicert.com</a>> a écrit :<br class="">


><br class="">


> Forwarding<br class="">


><br class="">


> From: Man Ho (Certizen) [mailto:<a href="mailto:manho@certizen.com" style="color:purple;text-decoration:underline" target="_blank" class="">manho@certizen.com</a>]<br class="">


> Sent: Thursday, April 14, 2016 7:51 PM<br class="">


> To: Ben Wilson <<a href="mailto:ben.wilson@digicert.com" style="color:purple;text-decoration:underline" target="_blank" class="">ben.wilson@digicert.com</a>>; Ryan Sleevi <<a href="mailto:sleevi@google.com" style="color:purple;text-decoration:underline" target="_blank" class="">sleevi@google.com</a>><br class="">


> Cc:<span class=""> </span><a href="mailto:public@cabforum.org" style="color:purple;text-decoration:underline" target="_blank" class="">public@cabforum.org</a><br class="">


> Subject: Re: [cabfpub] Pre-Ballot 164 - Certificate Serial Number Entropy<br class="">


><br class="">


> Ben,<br class="">


><br class="">


> We had already changed our system to issue SSL certificates with 20 hexadecimal characters of at least 20-bit of entropy since 2014. I'm just wondering why the requirement is changed from "bits of entropy" to "unpredictable bits", which I don't understand


 the conversion (like "cm" to "inch" :). I don't know whether our software vendor understands it.<br class="">


><br class="">


> Man<br class="">


><br class="">


> On 4/15/2016 4:24 AM, Ben Wilson wrote:<br class="">


> You’re right, given a randomly generated 20-byte serial number, you have 159 unpredictable bits.<br class="">


><br class="">


> From: Ryan Sleevi [mailto:<a href="mailto:sleevi@google.com" style="color:purple;text-decoration:underline" target="_blank" class="">sleevi@google.com</a>]<br class="">


> Sent: Thursday, April 14, 2016 2:03 PM<br class="">


> To: Ben Wilson <<a href="mailto:ben.wilson@digicert.com" style="color:purple;text-decoration:underline" target="_blank" class="">ben.wilson@digicert.com</a>><br class="">


> Cc: Man Ho (Certizen) <<a href="mailto:manho@certizen.com" style="color:purple;text-decoration:underline" target="_blank" class="">manho@certizen.com</a>>;<span class=""> </span><a href="mailto:public@cabforum.org" style="color:purple;text-decoration:underline" target="_blank" class="">public@cabforum.org</a><br class="">


> Subject: Re: [cabfpub] Pre-Ballot 164 - Certificate Serial Number Entropy<br class="">


><br class="">


> Ben:<br class="">


><br class="">


> Are you sure your math is correct? A serial number is 20 bytes, with the high bit needing to be 1 (for the encoding of positive INTEGERS within DER). This leaves 159 bits for entropy. So you certainly can't have more unpredictable bits than that :)<br class="">


><br class="">


> On Thu, Apr 14, 2016 at 12:59 PM, Ben Wilson <<a href="mailto:ben.wilson@digicert.com" style="color:purple;text-decoration:underline" target="_blank" class="">ben.wilson@digicert.com</a>> wrote:<br class="">


> Man,<br class="">


> Have you had a chance to do  further research on the capabilities of your system?   Our CA issues certificates with 32 hexadecimal characters for the serial number.  There are 4 bits of entropy for each hexadecimal character.  Therefore, our serial numbers


 have 128 bits of entropy and 16*32= 512 unpredictable bits.  An 8-hexadecimal character serial number would have 32 bits of entropy and 128 unpredictable bits.  A 20-bit entropy would be equal to 5 hexadecimal characters, or 80 unpredictable bits, so this


 seems like this is a downgrade to go to 64 unpredictable bits.  Am I right?<br class="">


> Ben<br class="">


><br class="">


> From: Man Ho (Certizen) [mailto:<a href="mailto:manho@certizen.com" style="color:purple;text-decoration:underline" target="_blank" class="">manho@certizen.com</a>]<br class="">


> Sent: Wednesday, March 23, 2016 12:27 AM<br class="">


> To: Ben Wilson <<a href="mailto:ben.wilson@digicert.com" style="color:purple;text-decoration:underline" target="_blank" class="">ben.wilson@digicert.com</a>>;<span class=""> </span><a href="mailto:public@cabforum.org" style="color:purple;text-decoration:underline" target="_blank" class="">public@cabforum.org</a><br class="">


> Subject: Re: [cabfpub] Pre-Ballot 164 - Certificate Serial Number Entropy<br class="">


><br class="">


> Hi all,<br class="">


><br class="">


> Is the meaning of "at least 64 unpredictable bits" setting the same or a higher requirement than "at least 20 bits of entropy" ? I'm not quite sure whether our certificate generation software has this setting in itself.<br class="">


><br class="">


> Cheers<br class="">


> Man<br class="">


><br class="">


> On 3/1/2016 12:21 AM, Ben Wilson wrote:<br class="">


> REPLACE<br class="">


> "CAs SHOULD generate non-sequential Certificate serial numbers that exhibit at least 20 bits of entropy"<br class="">


> WITH<br class="">


> "Effective April 1, 2016, CAs SHALL use a Certificate serialNumber greater than zero (0) that contains at least 64 unpredictable bits."<br class="">


><br class="">


><br class="">


> _______________________________________________<br class="">


> Public mailing list<br class="">


><span class=""> </span><a href="mailto:Public@cabforum.org" style="color:purple;text-decoration:underline" target="_blank" class="">Public@cabforum.org</a><br class="">


><span class=""> </span><a href="http://scanmail.trustwave.com/?c=4062&d=_7WW1-Xsik0C2oQr-Abmw1rpiv0FhB9gtaA94Mx38A&s=5&u=https%3a%2f%2fcabforum%2eorg%2fmailman%2flistinfo%2fpublic" style="color:purple;text-decoration:underline" target="_blank" class="">https://cabforum.org/mailman/listinfo/public</a><br class="">


><br class="">


><br class="">


><br class="">


> _______________________________________________<br class="">


> Public mailing list<br class="">


><span class=""> </span><a href="mailto:Public@cabforum.org" style="color:purple;text-decoration:underline" target="_blank" class="">Public@cabforum.org</a><br class="">


><span class=""> </span><a href="http://scanmail.trustwave.com/?c=4062&d=_7WW1-Xsik0C2oQr-Abmw1rpiv0FhB9gtaA94Mx38A&s=5&u=https%3a%2f%2fcabforum%2eorg%2fmailman%2flistinfo%2fpublic" style="color:purple;text-decoration:underline" target="_blank" class="">https://cabforum.org/mailman/listinfo/public</a><br class="">


><br class="">


> _______________________________________________<br class="">


> Public mailing list<br class="">


><span class=""> </span><a href="mailto:Public@cabforum.org" style="color:purple;text-decoration:underline" target="_blank" class="">Public@cabforum.org</a><br class="">


><span class=""> </span><a href="http://scanmail.trustwave.com/?c=4062&d=_7WW1-Xsik0C2oQr-Abmw1rpiv0FhB9gtaA94Mx38A&s=5&u=https%3a%2f%2fcabforum%2eorg%2fmailman%2flistinfo%2fpublic" style="color:purple;text-decoration:underline" target="_blank" class="">https://cabforum.org/mailman/listinfo/public</a><br class="">


> _______________________________________________<br class="">


> Public mailing list<br class="">


><span class=""> </span><a href="mailto:Public@cabforum.org" style="color:purple;text-decoration:underline" target="_blank" class="">Public@cabforum.org</a><br class="">


><span class=""> </span><a href="http://scanmail.trustwave.com/?c=4062&d=_7WW1-Xsik0C2oQr-Abmw1rpiv0FhB9gtaA94Mx38A&s=5&u=https%3a%2f%2fcabforum%2eorg%2fmailman%2flistinfo%2fpublic" style="color:purple;text-decoration:underline" target="_blank" class="">https://cabforum.org/mailman/listinfo/public</a><u class=""></u><u class=""></u></p>


</div>


</div>


<p class="MsoNormal" style="margin:0in 0in 12pt;font-size:12pt;font-family:'Times New Roman',serif">


<br class="">


_______________________________________________<br class="">


Public mailing list<br class="">


<a href="mailto:Public@cabforum.org" style="color:purple;text-decoration:underline" target="_blank" class="">Public@cabforum.org</a><br class="">


<a href="http://scanmail.trustwave.com/?c=4062&d=_7WW1-Xsik0C2oQr-Abmw1rpiv0FhB9gtaA94Mx38A&s=5&u=https%3a%2f%2fcabforum%2eorg%2fmailman%2flistinfo%2fpublic" style="color:purple;text-decoration:underline" target="_blank" class="">https://cabforum.org/mailman/listinfo/public</a><u class=""></u><u class=""></u></p>


</div>


<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif" class="">


 <u class=""></u><u class=""></u></div>


</div>


<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif" class="">


<u class=""></u> <u class=""></u></div>


<div class="MsoNormal" align="center" style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif;text-align:center">


<hr size="5" width="100%" align="center" class="">


</div>


<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif" class="">


<span style="font-size:7.5pt;font-family:Arial,sans-serif;color:gray" class=""><br class="">


This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information


 contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.</span><u class=""></u><u class=""></u></div>


</div>


<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif" class="">


_______________________________________________<br class="">


Public mailing list<br class="">


<a href="mailto:Public@cabforum.org" style="color:purple;text-decoration:underline" target="_blank" class="">Public@cabforum.org</a><br class="">


<a href="https://cabforum.org/mailman/listinfo/public" style="color:purple;text-decoration:underline" target="_blank" class="">https://cabforum.org/mailman/listinfo/public</a><u class=""></u><u class=""></u></div>


</div>


</blockquote>


</div>


<div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif" class="">


<u class=""></u> <u class=""></u></div>


</div>


</div>


<span style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;float:none;display:inline!important" class="">_______________________________________________</span><br style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px" class="">


<span style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;float:none;display:inline!important" class="">Public


 mailing list</span><br style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px" class="">


<span style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;float:none;display:inline!important" class=""><a href="mailto:Public@cabforum.org" target="_blank" class="">Public@cabforum.org</a></span><br style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px" class="">


<span style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;float:none;display:inline!important" class=""><a href="https://cabforum.org/mailman/listinfo/public" target="_blank" class="">https://cabforum.org/mailman/listinfo/public</a></span></div>


</blockquote>


</div>


<br class="">


</div>


</div>


</div>


<br class="">


_______________________________________________<br class="">


Public mailing list<br class="">


<a href="mailto:Public@cabforum.org" class="">Public@cabforum.org</a><br class="">


<a href="https://cabforum.org/mailman/listinfo/public" rel="noreferrer" target="_blank" class="">https://cabforum.org/mailman/listinfo/public</a><br class="">


<br class="">


</blockquote>


</div>


</div>


</blockquote>


</div>


<br class="">


</div>


</body>


</html>