[cabfpub] Pre-Ballot 164 - Certificate Serial Number Entropy
kurt at roeckx.be
Thu Apr 28 22:19:47 UTC 2016
On Fri, Feb 26, 2016 at 09:49:50PM +0000, Ben Wilson wrote:
> For discussion:
> Pre-Ballot 164 - Certificate Serial Number Entropy
> -- Motion Begins --
> In Section 7.1 of the Baseline Requirements,
> "CAs SHOULD generate non-sequential Certificate serial numbers that exhibit
> at least 20 bits of entropy"
> "Effective April 1, 2016, CAs SHALL use a Certificate serialNumber greater
> than zero (0) that contains at least 64 unpredictable bits."
> -- Motion Ends --
I'm wondering if we should add something that it should be the
output of a CSPRNG?
More information about the Public