[cabfpub] Fwd: Discussion about RFC5280 and BR in Mozilla-dev-security

Dimitris Zacharopoulos jimmy at it.auth.gr
Tue Feb 9 12:26:16 UTC 2016

Re-posting to the public list (and apologies for those receiving it twice).

Begin forwarded message:

Dear CA/B Forum members,

There is a discussion in the Mozilla-dev-security mailing list regarding the interpretation of some sections from the BR (mainly 7.1) and RFC5280 (mainly 4.2.1) regarding the "serial number" of "trust anchors" (as defined in RFC5280). Now, trust anchors are usually self-signed certificates known as RootCA certificates.

According to the verification algorithm, as described in RFC5280, "Trust anchors" are treated as input to the algorithm. This means that the serial number of the RootCA certificate is ignored, together with other elements (for example policy OIDs).

Also, the BR required serial numbers to have 20 bits of entropy to prevent hash collision attacks. Was there ever a requirement or intention for trust anchors to RootCA certificates to have 20 bits of entropy?

It would be interesting for people with good technical knowledge of RFC5280 and people who defined section 7.1 of the BR to engage in the public discussion in moz-dev-sec under thread "New requirement:certlint testing". 

Best regards,
Dimitris Zacharopoulos.
