[cabfcert_policy] Entropy in Certificate Serial Numbers
Robin Alden
robin at comodo.com
Wed Feb 17 15:58:41 MST 2016
Thanks all for the clarification.
I hadn’t seen that discussion.
Robin
From: Bowen, Peter [mailto:pzb at amazon.com]
Sent: 17 February 2016 15:49
To: Robin Alden <robin at comodo.com>
Cc: Ben Wilson <ben.wilson at digicert.com>; policyreview at cabforum.org
Subject: Re: [cabfcert_policy] Entropy in Certificate Serial Numbers
Robin,
Apparently in some non-English languages the number zero is considered to be positive. This clarifies that zero is disallowed.
Thanks,
Peter
On Feb 17, 2016, at 2:42 PM, Robin Alden <robin at comodo.com> wrote:
Hi Ben,
I’m fine with the ‘unpredictable bits’ part, but the serial number thing is already covered in RFC5280.
Why do we need it again in the BRs?
https://tools.ietf.org/html/rfc5280#section-4.1.2.2
says..
“The serial number MUST be a positive integer assigned by the CA to each certificate. …”
Robin
From: policyreview-bounces at cabforum.org [mailto:policyreview-bounces at cabforum.org] On Behalf Of Ben Wilson
Sent: 17 February 2016 11:46
To: policyreview at cabforum.org
Subject: [cabfcert_policy] Entropy in Certificate Serial Numbers
What about this version of a proposed revision to Section 7.1 of the BRs?
For all Certificates issued after _______, serialNumbers MUST be greater than zero (0), and for Certificates issued to Subscribers and Intermediate CAs, the serialNumber MUST contain at least 64 unpredictable bits.
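Added example, not part of the thread or of the Baseline Requirements text: one way a CA could build a serialNumber that meets both conditions in the proposed wording (greater than zero, at least 64 unpredictable bits), with a check on the encoded value. The function names and the fixed leading octet 0x01 are assumptions made for the illustration; the 20-octet limit comes from the same RFC 5280 section quoted above.

```python
import secrets

# Assumption for this example: a constant non-zero leading octet. It keeps the
# DER INTEGER positive and non-zero without touching any of the random bits.
# (Clearing the top bit of 8 random octets instead would leave only 63
# unpredictable bits.)
FIXED_PREFIX = 0x01


def new_serial(random_octets=8):
    """Return a serial with 8*random_octets CSPRNG bits below the fixed octet."""
    if random_octets < 8:
        raise ValueError("need at least 64 unpredictable bits")
    if random_octets > 19:
        raise ValueError("RFC 5280 limits serialNumber to 20 octets")
    bits = 8 * random_octets
    return (FIXED_PREFIX << bits) | secrets.randbits(bits)


def der_integer_content(n):
    """Minimal two's-complement content octets of a DER INTEGER, for n >= 0."""
    if n < 0:
        raise ValueError("this encoder only handles non-negative values")
    length = n.bit_length() // 8 + 1  # always leaves room for the sign bit
    return n.to_bytes(length, "big", signed=True)


def check_serial(content):
    """Return the problems found in a serialNumber's content octets.

    Unpredictability cannot be judged from a single value, so only the
    sign, zero and length conditions are checked here.
    """
    problems = []
    value = int.from_bytes(content, "big", signed=True)
    if value <= 0:
        problems.append("not greater than zero")
    if len(content) > 20:
        problems.append("longer than 20 octets")
    return problems


if __name__ == "__main__":
    serial = new_serial()
    octets = der_integer_content(serial)
    print(octets.hex(), check_serial(octets) or "ok")
```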