[cabfpub] Pre-Ballot 164 - Certificate Serial Number Entropy

Ryan Sleevi sleevi at google.com
Sat Feb 27 01:58:14 UTC 2016


Or, put conversely, why should it?

Date/time is one we certainly need to be careful with; Microsoft for many
years forbade its use as a source of entropy. I've seen a CA argue that
they've placed 32 bits of entropy, since they set the seconds field of
notBefore / notAfter. Given that the seconds value can only contain values
1-6 in the first digit, and 0-9 in the second, that's 2.5 bits + 3.33 bits
- or effectively, a total of 11.6 bits - assuming I can math, which is a
generous assumption.

CAs already have an obligation to ensure serials are unique, so if the CA
should have a mistake and *not* be generating entropy, that'd also be far
more noticeable than if the RNG got stuck on 00:00:00 for entropy in dates.

On Fri, Feb 26, 2016 at 5:43 PM, Brown, Wendy (10421) <
wendy.brown at protiviti.com> wrote:

> Why does the entropy have to be in the serial number vs a combination of
> serial number and date/time bits ?
>
>
>
> *From:* public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] *On
> Behalf Of *Richard Barnes
> *Sent:* Friday, February 26, 2016 6:26 PM
> *To:* Ryan Sleevi <sleevi at google.com>
> *Cc:* CABFPub <public at cabforum.org>
> *Subject:* Re: [cabfpub] Pre-Ballot 164 - Certificate Serial Number
> Entropy
>
> On Fri, Feb 26, 2016 at 6:03 PM, Ryan Sleevi <sleevi at google.com> wrote:
>
> Is there a reason for the change from "entropy" to "unpredictable bits"?
>
>
>
> Would you be opposed to "64 bits of random data from a cryptographically
> strong random number generator"?
>
>
>
> The concern I have with the language change is that while "entropy" is
> arguably less ambiguous, I fear "unpredictable bits" will create a
> situation where a CA says "No one knows our [deterministic] algorithm,
> therefore it's unpredictable"
>
>
>
> I admit, I'm not terribly thrilled with my rewrite either, because I don't
> think it should be required to use an RNG on an HSM, for example (that's
> arguably overkill), but I do want to make sure that the source of entropy
> is cryptographically strong (thus ruling out Microsoft's GUIDs, crappy
> RNGs, etc)
>
>
>
> I would prefer this proposal.  It provides a specific thing that can be
> verified (whereas "entropy" and "unpredictable" are vague statistical
> properties).
>
>
>
> --Richard
>
>
>
>
>
> On Fri, Feb 26, 2016 at 1:49 PM, Ben Wilson <ben.wilson at digicert.com>
> wrote:
>
> For discussion:
>
> *Pre-Ballot 164 - Certificate Serial Number Entropy*
>
> -- Motion Begins --
>
> In Section 7.1 of the Baseline Requirements,
>
> REPLACE
>
> "CAs SHOULD generate non-sequential Certificate serial numbers that
> exhibit at least 20 bits of entropy"
>
> WITH
>
> "Effective April 1, 2016, CAs SHALL use a Certificate serialNumber greater
> than zero (0) that contains at least 64 unpredictable bits."
>
> -- Motion Ends --
>
>
>
>
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
>
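
Added example, not part of the original thread and not any CA's or the Forum's code: a sketch of serial generation under the wording discussed above ("64 bits of random data from a cryptographically strong random number generator", serialNumber greater than zero), with the uniqueness check that makes a stuck RNG visible on the next issuance. `SerialIssuer` and `der_integer_content` are hypothetical names, and the fixed leading 1 bit is a choice made for this example; the 20-octet ceiling is RFC 5280's limit on serialNumber.

```python
import secrets

MAX_SERIAL_OCTETS = 20  # RFC 5280: serialNumber must not exceed 20 octets


def der_integer_content(n: int) -> bytes:
    """Content octets of a minimal DER INTEGER for a positive value."""
    if n <= 0:
        raise ValueError("serialNumber must be greater than zero")
    # One extra bit is reserved for the sign, so a value whose top bit is
    # set gains a leading 0x00 octet instead of being read as negative.
    return n.to_bytes(n.bit_length() // 8 + 1, "big")


class SerialIssuer:
    """Issues serials carrying 64 bits of CSPRNG output (hypothetical class)."""

    def __init__(self, rng=secrets.randbits):
        self._rng = rng          # injectable only so a failed RNG can be simulated
        self._issued = set()     # stands in for the CA's issuance database

    def next_serial(self) -> int:
        # A fixed 1 bit above the random part keeps the value positive and
        # constant-length without consuming any of the 64 random bits.
        serial = (1 << 64) | self._rng(64)
        if len(der_integer_content(serial)) > MAX_SERIAL_OCTETS:
            raise ValueError("serial exceeds 20 octets")
        if serial in self._issued:
            # With 64 random bits a repeat is practically impossible, so a
            # collision is treated as evidence that the RNG has failed.
            raise RuntimeError("duplicate serial: RNG failure suspected")
        self._issued.add(serial)
        return serial


if __name__ == "__main__":
    issuer = SerialIssuer()
    for _ in range(3):
        s = issuer.next_serial()
        print(der_integer_content(s).hex())

    stuck = SerialIssuer(rng=lambda bits: 0)   # constructed failure: RNG returns 0
    stuck.next_serial()
    try:
        stuck.next_serial()
    except RuntimeError as exc:
        print("caught:", exc)
```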

