<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Other standards have used “entropy”, so I have quite a bit of experience hearing amusing anecdotes about conversations with auditors about Shannon entropy.
The reality is that the result of those conversations is rarely productive or reaches the right result. “Unpredictable” is better, but still quite subjective.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">“intended for use in a cryptographic system” is something I’d be willing to support, though “intent” is perhaps harder to measure than “uses cryptographic primitives”.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Also, it occurred to me since I wrote my definition that we do not want to preclude use of hardware sources of randomness. But that should be any easy fix.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">-Tim<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Jacob Hoffman-Andrews [mailto:jsha@letsencrypt.org]
<br>
<b>Sent:</b> Thursday, April 28, 2016 4:54 PM<br>
<b>To:</b> Tim Hollebeek<br>
<b>Cc:</b> Doug Beattie; Bruce Morton; Ben Wilson; Dimitris Zacharopoulos; public@cabforum.org<br>
<b>Subject:</b> Re: [cabfpub] Pre-Ballot 164 - Certificate Serial Number Entropy<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<div>
<p class="MsoNormal"><span style="color:black">On Fri, Apr 22, 2016 at 9:01 AM, Tim Hollebeek <<a href="mailto:THollebeek@trustwave.com" target="_blank">THollebeek@trustwave.com</a>> wrote:</span><o:p></o:p></p>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black">This is why I proposed and continue to support an actual definition. If people don’t like my definition,
I’m open to improvements. I don’t think it should be too hard to come up with one that excludes the four examples Doug mentioned, and I think mine currently does.</span><o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<p class="MsoNormal">I think we're unlikely to conclusively define entropy in a way that auditors can reasonably measure. What we want to do here is rule out solutions that are obviously wrong. How about this:<br>
<br>
"CAs SHALL use a Certificate serialNumber greater than zero (0) containing at least 64 bits of output from a CSPRNG"<br>
<br>
"CSPRNG: A random number generator intended for use in cryptographic system"<br>
<br>
This rules out things like GUID, which are easy to verify as <a href="http://scanmail.trustwave.com/?c=4062&d=2vii11tt_KnxUNNGioK47mD9hsLS6riEDPw1uhe4Lw&s=5&u=https%3a%2f%2fblogs%2emsdn%2emicrosoft%2ecom%2foldnewthing%2f20120523-00%2f%3fp%3d7553">
not intended for use in a cryptographic system</a>, without creating a cryptanalytic test for whether something qualifies as a CSPRNG.<br>
<br>
That said, I still think it would be sufficient to continue to use "entropy" without further definition, and if we can't settle on a good definition soon, we should proceed with that approach.<o:p></o:p></p>
</div>
</div>
</div>
</div>
<br>
<hr>
<font face="Arial" color="Gray" size="1"><br>
This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information
contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.<br>
</font>
</body>
</html>