[cabfpub] Pre-Ballot 164 - Certificate Serial Number Entropy

Jacob Hoffman-Andrews jsha at letsencrypt.org
Thu Apr 28 20:53:45 UTC 2016


On Fri, Apr 22, 2016 at 9:01 AM, Tim Hollebeek <THollebeek at trustwave.com>
wrote:

> This is why I proposed and continue to support an actual definition.  If
> people don’t like my definition, I’m open to improvements.  I don’t think
> it should be too hard to come up with one that excludes the four examples
> Doug mentioned, and I think mine currently does.
>

I think we're unlikely to conclusively define entropy in a way that
auditors can reasonably measure. What we want to do here is rule out
solutions that are obviously wrong. How about this:

"CAs SHALL use a Certificate serialNumber greater than zero (0) containing
at least 64 bits of output from a CSPRNG"

"CSPRNG: A random number generator intended for use in a cryptographic system"

This rules out things like GUID, which are easy to verify as not intended
for use in a cryptographic system
<https://blogs.msdn.microsoft.com/oldnewthing/20120523-00/?p=7553>, without
creating a cryptanalytic test for whether something qualifies as a CSPRNG.

That said, I still think it would be sufficient to continue to use
"entropy" without further definition, and if we can't settle on a good
definition soon, we should proceed with that approach.
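
An added example, not part of the original message or of any CA's software, showing one way to build a serial number that satisfies the wording proposed above: greater than zero and carrying a full 64 bits of CSPRNG output. The fixed 0x01 leading octet, the function names, and the weak masked variant shown for comparison are assumptions of this example; the 20-octet limit comes from RFC 5280.

```python
import secrets

RANDOM_BITS = 64      # minimum CSPRNG output required by the proposed text
MAX_DER_OCTETS = 20   # RFC 5280 limit on serialNumber length

def new_serial() -> int:
    """Positive serial that keeps all 64 random bits.

    A fixed leading 0x01 octet (a choice made for this example) keeps the
    value positive and non-zero without masking any CSPRNG output.
    """
    return (0x01 << RANDOM_BITS) | secrets.randbits(RANDOM_BITS)

def masked_serial() -> int:
    """Weak variant for comparison: clearing the top bit of 8 random
    octets to keep the INTEGER positive leaves only 63 random bits."""
    return secrets.randbits(RANDOM_BITS) & 0x7FFF_FFFF_FFFF_FFFF

def der_integer_content(value: int) -> bytes:
    """Content octets of a DER INTEGER for a positive value."""
    if value <= 0:
        raise ValueError("serialNumber must be greater than zero")
    # DER INTEGER is two's complement: reserve room for a zero sign bit.
    length = value.bit_length() // 8 + 1
    return value.to_bytes(length, "big")

def check_serial_shape(value: int) -> list:
    """Structural checks only; a single value cannot prove its randomness."""
    if value <= 0:
        return ["not greater than zero"]
    if len(der_integer_content(value)) > MAX_DER_OCTETS:
        return ["longer than 20 octets"]
    return []

if __name__ == "__main__":
    serial = new_serial()
    print(der_integer_content(serial).hex(), check_serial_shape(serial))
```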