[cabfpub] Fwd: Discussion about RFC5280 and BR in Mozilla-dev-security

Jeremy Rowley jeremy.rowley at digicert.com
Tue Feb 9 22:54:21 UTC 2016

No. CAB Forum guidelines only apply to certs issued after the effective date. There's nothing that requires revocation of certs issued prior to the effective date that lack the required entropy.

"Brown, Wendy (10421)" <wendy.brown at protiviti.com> wrote:

Jeremy -
One potential issue is if the Root Certificate was generated before the 20 bits of entropy became a requirement. Are you really saying those CAs had to modify their root certificate retroactively?

-----Original Message-----
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Jeremy Rowley
Sent: Tuesday, February 9, 2016 5:15 PM
To: Dimitris Zacharopoulos <jimmy at it.auth.gr>; public at cabforum.org
Subject: Re: [cabfpub] Fwd: Discussion about RFC5280 and BR in Mozilla-dev-security

What does it hurt to require RootCAs to have 20 bits of entropy in the serial? We certainly didn't create an exemption for entropy from the serial number. Plus it seems like a good indicator of whether your end entity certs and sub CAs will likely have 20 bits of entropy in the serial number, doesn't it?


-----Original Message-----
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Dimitris Zacharopoulos
Sent: Tuesday, February 9, 2016 5:26 AM
To: public at cabforum.org
Subject: [cabfpub] Fwd: Discussion about RFC5280 and BR in Mozilla-dev-security

Re-posting to the public list (and apologies to those receiving it twice).

Begin forwarded message:

Dear CA/B Forum members,

There is a discussion in Mozilla-dev-security mailing list regarding the interpretation of some sections from the BR (mainly 7.1) and RFC5280 (mainly 4.2.1) regarding the "serial number" of "trust anchors" (as defined in RFC5280). Now, trust anchors are usually self-signed certificates known as RootCA certificates.

According to the verification algorithm, as described in RFC5280, "Trust anchors" are treated as input to the algorithm. This means that the serial number of the RootCA certificate is ignored, together with other elements (for example policy OIDs).

Also, the BR required serial numbers to have 20 bits of entropy to prevent hash collision attacks. Was there ever a requirement or intention for trust anchors to RootCA certificates to have 20 bits of entropy?

It would be interesting for people with good technical knowledge of RFC5280 and people who defined section 7.1 of the BR to engage in the public discussion in moz-dev-sec under thread "New requirement:certlint testing".

Best regards,
Dimitris Zacharopoulos.
