[cabfpub] Pre-Ballot 164 - Certificate Serial Number Entropy

Ben Wilson ben.wilson at digicert.com
Fri Feb 26 21:49:50 UTC 2016

For discussion:

Pre-Ballot 164 - Certificate Serial Number Entropy 

-- Motion Begins -- 

In Section 7.1 of the Baseline Requirements, 


"CAs SHOULD generate non-sequential Certificate serial numbers that exhibit
at least 20 bits of entropy" 


"Effective April 1, 2016, CAs SHALL use a Certificate serialNumber greater
than zero (0) that contains at least 64 unpredictable bits." 

-- Motion Ends -- 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160226/f41025e1/attachment-0002.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4954 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160226/f41025e1/attachment.p7s>

More information about the Public mailing list