[cabfcert_policy] Entropy in Certificate Serial Numbers

Robin Alden robin at comodo.com
Wed Feb 17 15:42:48 MST 2016


Hi Ben,

I'm fine with the 'unpredictable bits' part, but the serial
number thing is already covered in RFC5280.

Why do we need it again in the BRs?

 

https://tools.ietf.org/html/rfc5280#section-4.1.2.2

says..

"The serial number MUST be a positive integer assigned by the CA to each
certificate.  ."

 

Robin

 

 

From: policyreview-bounces at cabforum.org
[mailto:policyreview-bounces at cabforum.org] On Behalf Of Ben Wilson
Sent: 17 February 2016 11:46
To: policyreview at cabforum.org
Subject: [cabfcert_policy] Entropy in Certificate Serial Numbers

 

What about this version of a proposed revision to Section 7.1 of the BRs?

 

For all Certificates issued after _______, serialNumbers MUST be greater
than zero (0), and for Certificates issued to Subscribers and Intermediate
CAs, the serialNumber MUST contain at least 64 unpredictable bits.
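
One way a CA's issuing code could satisfy both parts of the proposed text (greater than zero, at least 64 unpredictable bits) while staying within the 20-octet limit of RFC 5280 section 4.1.2.2. This is an added example, not part of the original thread; the function names and the default of 16 random octets are assumptions.

```python
import secrets

MAX_SERIAL_OCTETS = 20  # RFC 5280 4.1.2.2: CAs MUST NOT exceed 20 octets
MIN_UNPREDICTABLE_BITS = 64  # from the proposed Section 7.1 text


def new_serial(random_octets=16, rand_bytes=secrets.token_bytes):
    """Return a positive serial built from CSPRNG output.

    Clearing the sign bit costs one bit, so exactly 8 random octets would
    leave only 63 unpredictable bits; such sizes are refused.
    """
    if random_octets * 8 - 1 < MIN_UNPREDICTABLE_BITS:
        raise ValueError("too few random octets for 64 unpredictable bits")
    if random_octets > MAX_SERIAL_OCTETS:
        raise ValueError("serial would exceed 20 octets")
    while True:
        raw = bytearray(rand_bytes(random_octets))
        raw[0] &= 0x7F  # force a positive DER INTEGER
        serial = int.from_bytes(raw, "big")
        if serial > 0:  # redraw on the (negligible) all-zero result
            return serial


def der_integer_content(serial):
    """Minimal two's-complement content octets of a DER INTEGER."""
    if serial <= 0:
        raise ValueError("serialNumber must be greater than zero")
    return serial.to_bytes(serial.bit_length() // 8 + 1, "big")


def structural_problems(serial):
    """Checks a value can be verified for; unpredictability is a property
    of the generator and cannot be confirmed from one serial."""
    if serial <= 0:
        return ["not greater than zero"]
    if len(der_integer_content(serial)) > MAX_SERIAL_OCTETS:
        return ["longer than 20 octets"]
    return []


if __name__ == "__main__":
    s = new_serial()
    print(hex(s), len(der_integer_content(s)), structural_problems(s))
```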

 
