[cabfpub] Fwd: Discussion about RFC5280 and BR in Mozilla-dev-security
jeremy.rowley at digicert.com
Tue Feb 9 22:15:04 UTC 2016
What does it hurt to require RootCAs to have 20 bits of entropy in the
serial? We certainly didn't create an exemption for entropy from the serial
number. Plus it seems like a good indicator on whether your end entity certs
and sub CAs will likely have 20 bits of entropy in the serial number,
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
Behalf Of Dimitris Zacharopoulos
Sent: Tuesday, February 9, 2016 5:26 AM
To: public at cabforum.org
Subject: [cabfpub] Fwd: Discussion about RFC5280 and BR in
Re-posting to the public list (and apologies for those receiving it twice).
Begin forwarded message:
Dear CA/B Forum members,
There is a discussion in Mozilla-dev-security mailing list regarding the
interpretation of some sections from the BR (mainly 7.1) and RFC5280 (mainly
4.2.1) regarding the "serial number" of "trust anchors" (as defined in
RFC5280). Now, trust anchors are usually self-signed certificates known as
According to the verification algorithm, as described in RFC5280, "Trust
anchors" are treated as input to the algorithm. This means that the serial
number of the RootCA certificate is ignored, together with other elements
(for example policy OIDs).
Also, the BR required serial numbers to have 20bits of entropy to prevent
hash collision attacks. Was there ever a requirement or intension for trust
anchors to RootCA certificates to have 20bits of entropy?
It would be interesting for people with good technical knowledge of RFC5280
and people who defined section 7.1 of the BR to engage in the public
discussion in moz-dev-sec under thread "New requirement:certlint testing".
Public mailing list
Public at cabforum.org
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 4964 bytes
Desc: not available
More information about the Public