[cabfpub] Definition of Random Value on draft ballot re new domain validation methods

Tue May 5 10:13:05 MST 2015

Here’s a reference from Microsoft:

http://blogs.msdn.com/b/oldnewthing/archive/2012/05/23/10309199.aspx

If you’re running a CA, you already need to have access to a cryptographically strong random number generator.  Just ask it for 128 bits.

-Tim

From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of kirk_hall at trendmicro.com
Sent: Tuesday, May 05, 2015 12:44 PM
To: Gervase Markham; CABFPub (public at cabforum.org)
Subject: Re: [cabfpub] Definition of Random Value on draft ballot re new domain validation methods

Here's a more fundamental question -- why do we need to introduce the concept of a "Random Value" for use in practical demonstrations?  It's not a requirement today.  Here's what current 11.1.1 (6) requires today:

6. Having the Applicant demonstrate practical control over the FQDN by making an agreed-upon change to information found on an online Web page identified by a uniform resource identifier containing the FQDN;

No random value, and the CA is control of the content to be posted to the Applicant’s website.  Why does it have to be a (defined) Random Value now?  Seems like overkill.  Just go back to a “value or content selected by the CA”, which could be a Random Value, a Random Token, or something else.

-----Original Message-----
From: Gervase Markham [mailto:gerv at mozilla.org]
Sent: Tuesday, May 05, 2015 6:24 AM
To: Kirk Hall (RD-US); CABFPub (public at cabforum.org<mailto:public at cabforum.org>)
Subject: Re: [cabfpub] Definition of Random Value on draft ballot re new domain validation methods

On 05/05/15 02:37, kirk_hall at trendmicro.com<mailto:kirk_hall at trendmicro.com> wrote:

> The problem is, one of the most common random number generating tool

> is the MS GUID generator, and my understanding is that it falls just

> short of 128 bits of entropy.

>

> http://en.wikipedia.org/wiki/Globally_unique_identifier<http://scanmail.trustwave.com/?c=4062&d=7_PI1fHHiUswIu2yRBf50UZRDkrHCQJy9L3opLfrvw&s=5&u=http%3a%2f%2fen%2ewikipedia%2eorg%2fwiki%2fGlobally%5funique%5fidentifier>

From the Wikipedia article "Cryptanalysis of the WinAPI GUID generator shows that, since the sequence of V4 GUIDs is pseudo-random, given full knowledge of the internal state, it is possible to predict previous and subsequent values."

Given that GUIDs can be both randomly and non-randomly generated, and given that the RNG used is not necessarily cryptographically strong, it seems an unwise thing to change the standard to accommodate GUIDs.

While we don't plan to mandate details of the RNG, I would hope that all CAs would be using cryptographically strong RNGs to generate any randomness required at any point in their cert-creation operations.

Gerv

TREND MICRO EMAIL NOTICE

The information contained in this email and any attachments is confidential

and may be subject to copyright or other intellectual property protection.

If you are not the intended recipient, you are not authorized to use or

disclose this information, and we request that you notify us by reply mail or

telephone and delete the original message from your mail system.

________________________________

This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20150505/ebb1137e/attachment-0001.html 