[cabfpub] Pre-Ballot 164 - Certificate Serial Number Entropy

Richard Barnes rbarnes at mozilla.com
Sat Feb 27 01:53:24 UTC 2016

Because it's way simpler?  Even if you lie about hours, minutes, and
seconds, that only gets you like more 16 bits of entropy per date, at the
cost of degrading the semantic utility of the dates.

On the other hand, you can put pretty much all the entropy you want in the
serial number with no consequence; they just have to be unique with a CA's
scope.   There are a whole lot of certs out there with 128-bit serial
numbers, which gives plenty of room for both randomness and whatever
semantics the CA wants to put in.

Sent from my iPhone.  Please excuse brevity.

On Feb 26, 2016, at 20:43, Brown, Wendy (10421) <wendy.brown at protiviti.com>

Why does the entropy have to be in the serial number vs a combination of
serial number and date/time bits ?

*From:* public-bounces at cabforum.org [mailto:public-bounces at cabforum.org
<public-bounces at cabforum.org>] *On Behalf Of *Richard Barnes
*Sent:* Friday, February 26, 2016 6:26 PM
*To:* Ryan Sleevi <sleevi at google.com>
*Cc:* CABFPub <public at cabforum.org>
*Subject:* Re: [cabfpub] Pre-Ballot 164 - Certificate Serial Number Entropy

On Fri, Feb 26, 2016 at 6:03 PM, Ryan Sleevi <sleevi at google.com> wrote:

Is there a reason for the change from "entropy" to "unpredictable bits"

Would you be opposed to "64 bits of random data from a cryptographically
strong random number generator"?

The concern I have with the language change is that while "entropy" is
arguably less ambiguous, I fear "unpredictable bits" will create a
situation where a CA says "No one knows our [deterministic] algorithm,
therefore it's unpredictable"

I admit, I'm not terribly thrilled with my rewrite either, because I don't
think it should be required to use an RNG on an HSM, for example (that's
arguably overkill), but I do want to make sure that the source of entropy
is cryptographically strong (thus ruling out Microsoft's GUIDs, crappy
RNGs, etc)

I would prefer this proposal.  It provides a specific thing that can be
verified (whereas "entropy" and "unpredictable" are vague statistical


On Fri, Feb 26, 2016 at 1:49 PM, Ben Wilson <ben.wilson at digicert.com> wrote:

For discussion:

*Pre-Ballot 164 - Certificate Serial Number Entropy*

-- Motion Begins --

In Section 7.1 of the Baseline Requirements,


"CAs SHOULD generate non-sequential Certificate serial numbers that exhibit
at least 20 bits of entropy"


"Effective April 1, 2016, CAs SHALL use a Certificate serialNumber greater
than zero (0) that contains at least 64 unpredictable bits."

-- Motion Ends --

Public mailing list
Public at cabforum.org

Public mailing list
Public at cabforum.org

NOTICE: Protiviti is a global consulting and internal audit firm composed
of experts specializing in risk and advisory services. Protiviti is not
licensed or registered as a public accounting firm and does not issue
opinions on financial statements or offer attestation services. This
electronic mail message is intended exclusively for the individual or
entity to which it is addressed. This message, together with any
attachment, may contain confidential and privileged information. Any views,
opinions or conclusions expressed in this message are those of the
individual sender and do not necessarily reflect the views of Protiviti
Inc. or its affiliates. Any unauthorized review, use, printing, copying,
retention, disclosure or distribution is strictly prohibited. If you have
received this message in error, please immediately advise the sender by
reply email message to the sender and delete all copies of this message.
Thank you.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160226/994e7371/attachment-0003.html>

More information about the Public mailing list