[cabfpub] Pre-Ballot 164 - Certificate Serial Number Entropy
Jacob Hoffman-Andrews
jsha at letsencrypt.org
Thu Apr 21 01:07:12 UTC 2016
I think the question of how to define entropy or CSPRNGs is a really good
one, but I think the core of this ballot, changing a SHOULD to a SHALL, is
too important to hold up on that complex question. How about a version
which is strictly no more ambiguous that the current version:
"Effective April 1, 2016, CAs SHALL use a Certificate serialNumber greater
than zero (0) that exhibits at least 64 bits of entropy."
Let's Encrypt would be happy to endorse such a ballot.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20160420/6505363e/attachment-0001.html
More information about the Public
mailing list