[cabfcert_policy] Entropy in Certificate Serial Numbers

Bowen, Peter pzb at amazon.com
Wed Feb 17 15:49:07 MST 2016


Robin,

Apparently in some non-English languages the number zero is considered to be positive.  This clarifies that zero is disallowed.

Thanks,
Peter

On Feb 17, 2016, at 2:42 PM, Robin Alden <robin at comodo.com> wrote:

Hi Ben,
I’m fine with the ‘unpredictable bits’ part, but the serial number thing is already covered in RFC5280.
Why do we need it again in the BRs?

https://tools.ietf.org/html/rfc5280#section-4.1.2.2
says..

“The serial number MUST be a positive integer assigned by the CA to each certificate.  …”


Robin


From: policyreview-bounces at cabforum.org [mailto:policyreview-bounces at cabforum.org] On Behalf Of Ben Wilson
Sent: 17 February 2016 11:46
To: policyreview at cabforum.org
Subject: [cabfcert_policy] Entropy in Certificate Serial Numbers

What about this version of a proposed revision to Section 7.1 of the BRs?

For all Certificates issued after _______, serialNumbers MUST be greater than zero (0), and for Certificates issued to Subscribers and Intermediate CAs, the serialNumber MUST contain at least 64 unpredictable bits.
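
Added example, not part of the thread and not code from any CA or from the CA/Browser Forum: one way to generate a serialNumber that satisfies both clauses of the proposed text, plus a structural check on the DER INTEGER content octets. Assumptions: the function names are hypothetical, the fixed high bit is a design choice of this sketch, and the 20-octet ceiling is the limit from RFC 5280 section 4.1.2.2.

```python
import secrets

MAX_SERIAL_OCTETS = 20  # RFC 5280 section 4.1.2.2 ceiling on the encoded serial
RANDOM_BITS = 64        # minimum unpredictable bits in the proposed BR text


def generate_serial(token_bytes=secrets.token_bytes) -> int:
    """Return a positive serial carrying 64 bits of CSPRNG output."""
    # Assumption of this sketch: bit 64 is fixed to 1, so the value can never
    # be zero and none of the 64 random bits has to be cleared or redrawn.
    r = int.from_bytes(token_bytes(RANDOM_BITS // 8), "big")
    return (1 << RANDOM_BITS) | r


def der_integer_content(value: int) -> bytes:
    """Content octets of a DER INTEGER for a non-negative value."""
    if value < 0:
        raise ValueError("negative values are not valid serial numbers")
    # The extra octet appears only when the top bit of the first octet would
    # otherwise be set, which DER would read as a negative number.
    return value.to_bytes(value.bit_length() // 8 + 1, "big")


def check_serial(content: bytes) -> str:
    """Classify the content octets of a serialNumber INTEGER."""
    if not content:
        return "empty"
    if len(content) > MAX_SERIAL_OCTETS:
        return "too long"
    if len(content) > 1 and (
        (content[0] == 0x00 and content[1] < 0x80)
        or (content[0] == 0xFF and content[1] >= 0x80)
    ):
        return "non-minimal"
    value = int.from_bytes(content, "big", signed=True)
    if value < 0:
        return "negative"
    if value == 0:
        return "zero"  # the case the proposed wording rules out explicitly
    return "ok"


if __name__ == "__main__":
    # Constructed samples: a fresh serial, zero, and an octet read as negative.
    for sample in (der_integer_content(generate_serial()), b"\x00", b"\x80"):
        print(sample.hex(), check_serial(sample))
```

The check covers only the structural rules; whether the 64 bits are unpredictable depends on the random source and cannot be determined from a single serial value.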
