[cabfcert_policy] Entropy in Certificate Serial Numbers

Robin Alden robin at comodo.com
Wed Feb 17 15:58:41 MST 2016


Thanks all for the clarification.

I hadn’t seen that discussion.

Robin

From: Bowen, Peter [mailto:pzb at amazon.com] 
Sent: 17 February 2016 15:49
To: Robin Alden <robin at comodo.com>
Cc: Ben Wilson <ben.wilson at digicert.com>; policyreview at cabforum.org
Subject: Re: [cabfcert_policy] Entropy in Certificate Serial Numbers

 

Robin,

Apparently in some non-English languages the number zero is considered to be positive. This clarifies that zero is disallowed.

Thanks,

Peter


On Feb 17, 2016, at 2:42 PM, Robin Alden <robin at comodo.com> wrote:

Hi Ben,

I’m fine with the ‘unpredictable bits’ part, but the serial number thing is already covered in RFC5280.

Why do we need it again in the BRs?

https://tools.ietf.org/html/rfc5280#section-4.1.2.2

says..

“The serial number MUST be a positive integer assigned by the CA to each certificate.  …”

Robin


From: policyreview-bounces at cabforum.org [mailto:policyreview-bounces at cabforum.org] On Behalf Of Ben Wilson
Sent: 17 February 2016 11:46
To: policyreview at cabforum.org
Subject: [cabfcert_policy] Entropy in Certificate Serial Numbers

What about this version of a proposed revision to Section 7.1 of the BRs?

For all Certificates issued after _______, serialNumbers MUST be greater than zero (0), and for Certificates issued to Subscribers and Intermediate CAs, the serialNumber MUST contain at least 64 unpredictable bits.

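The two conditions in the proposed Section 7.1 text (greater than zero, at least 64 unpredictable bits) can be sketched as follows. This is an added example, not part of the thread and not any CA's code; the function names are hypothetical, and the 20-octet limit is taken from RFC 5280 section 4.1.2.2 rather than from the messages above.

```python
import secrets

# Assumption: length limit from RFC 5280 section 4.1.2.2, not quoted in the thread.
MAX_CONTENT_OCTETS = 20

def der_integer_content(n: int) -> bytes:
    """Minimal DER INTEGER content octets for a non-negative integer."""
    if n < 0:
        raise ValueError("serial numbers are never negative")
    # One spare bit keeps the sign bit clear, so 0x80 encodes as 00 80.
    # A 64-bit draw with its top bit set therefore takes 9 octets; clearing
    # that bit to fit 8 octets would leave only 63 unpredictable bits.
    return n.to_bytes(n.bit_length() // 8 + 1, "big")

def new_serial(random_bits: int = 64) -> int:
    """Draw a serial from the OS CSPRNG, redrawing the disallowed value zero."""
    if random_bits < 64:
        raise ValueError("proposal requires at least 64 unpredictable bits")
    while True:
        serial = secrets.randbits(random_bits)
        if serial > 0:
            return serial

def check_serial(content: bytes) -> list:
    """Return rule violations visible in an encoded serial (empty = none).

    Unpredictability cannot be judged from one encoded value; only the
    sign, zero and length conditions are checked here.
    """
    problems = []
    if not content or len(content) > MAX_CONTENT_OCTETS:
        problems.append("length")
    value = int.from_bytes(content, "big", signed=True)
    if value == 0:
        problems.append("zero")
    elif value < 0:
        problems.append("negative")
    return problems

if __name__ == "__main__":
    encoded = der_integer_content(new_serial())
    print(encoded.hex(), check_serial(encoded))
```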