[cabfpub] Microsoft Proposed Updates to the SHA-1 Deprecation Timeline
wthayer at godaddy.com
Thu Oct 29 10:51:23 MST 2015
8 bytes of entropy in the serialNumber field has been a requirement of Microsoft’s root program since 2013: http://social.technet.microsoft.com/wiki/contents/articles/1760.windows-root-certificate-program-technical-requirements-version-2-0/revision/15.aspx
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Ryan Sleevi
Sent: Wednesday, October 28, 2015 2:16 PM
To: Doug Beattie <doug.beattie at globalsign.com>
Cc: Nazmus Sakib <mdsakib at microsoft.com>; Magnus Nyström <mnystrom at microsoft.com>; public at cabforum.org
Subject: Re: [cabfpub] Microsoft Proposed Updates to the SHA-1 Deprecation Timeline
On Wed, Oct 28, 2015 at 2:03 PM, Doug Beattie <doug.beattie at globalsign.com> wrote:
With the certificate serial number entropy
This is not a MUST requirement in the Baseline Requirements, unfortunately.
"CAs SHOULD generate non-sequential Certificate serial numbers that exhibit at least 20 bits of entropy"
As such, it's not a terribly reliable scheme.