[cabfpub] Pre-Ballot 164 - Certificate Serial Number Entropy
Ryan Sleevi
sleevi at google.com
Sat Feb 27 18:47:28 UTC 2016
On Feb 27, 2016 10:30 AM, "kirk_hall at trendmicro.com" <
kirk_hall at trendmicro.com> wrote:
>
> For clarity, I pasted in current BR 7.1 below. Later sections of Sec.
7.1 refer separately to Root Certificates, Subordinate CA Certificates, and
Subscriber Certificates (Sec. 7.1.2.1 through 7.1.2.3). So this proposal
would apply to all three categories of certificates, correct?
Correct. The Section 7.1 refers to the profile for any certificates in
scope.
> If we adopt this, instead of starting “Effective April 1, 2016 ***”
maybe we should say “For certificates generated on or after April 1, 2016
***” to make it clear that certificates generated before that date do not
need to be reissued. Also, is April 1 a little close for people to change
their systems?
>
That's the question of the pre-ballot - if no one affirmatively states that
concern, ideally with a counter-proposal for when they believe they could
convert, then we know it isn't a problem - or that the people for whom it
would be a problem should be following and participating in the Forum.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160227/f6bfc051/attachment-0003.html>
More information about the Public
mailing list