[cabfpub] Pre-Ballot 164 - Certificate Serial Number Entropy

Ryan Sleevi sleevi at google.com
Sat Feb 27 18:47:28 UTC 2016


On Feb 27, 2016 10:30 AM, "kirk_hall at trendmicro.com" <
kirk_hall at trendmicro.com> wrote:
>
> For clarity, I pasted in current BR 7.1 below.  Later sections of Sec.
7.1 refer separately to Root Certificates, Subordinate CA Certificates, and
Subscriber Certificates (Sec. 7.1.2.1 through 7.1.2.3).  So this proposal
would apply to all three categories of certificates, correct?

Correct. The Section 7.1 refers to the profile for any certificates in
scope.

> If we adopt this, instead of starting “Effective April 1, 2016 ***”
maybe we should say “For certificates generated on or after April 1, 2016
***” to make it clear that certificates generated before that date do not
need to be reissued.  Also, is April 1 a little close for people to change
their systems?
>

That's the question of the pre-ballot - if no one affirmatively states that
concern, ideally with a counter-proposal for when they believe they could
convert, then we know it isn't a problem - or that the people for whom it
would be a problem should be following and participating in the Forum.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160227/f6bfc051/attachment-0003.html>


More information about the Public mailing list