[cabfpub] Ballot 164 - Certificate Serial Number Entropy
Moudrick M. Dadashov
md at ssc.lt
Fri Jul 8 10:01:56 UTC 2016
SSC votes: "Yes".
Thanks,
M.D.
On 6/24/2016 6:17 PM, Ben Wilson wrote:
>
> *Ballot 164 - Certificate Serial Number Entropy*
>
> This ballot has been proposed by Jacob Hoffman-Andrews of Let's
> Encrypt and endorsed by Ben Wilson of DigiCert and Tim Hollebeek of
> Trustwave:
>
> *Statement of intent:*
>
> As demonstrated in
> https://events.ccc.de/congress/2008/Fahrplan/attachments/1251_md5-collisions-1.0.pdf,
> hash collisions can allow an attacker to forge a signature on the
> certificate of their choosing. The birthday paradox means that, in the
> absence of random bits, the security level of a hash function is half
> what it should be. Adding random bits to issued certificates mitigates
> collision attacks and means that an attacker must be capable of a much
> harder preimage attack. For a long time the Baseline Requirements have
> encouraged adding random bits to the serial number of a certificate,
> and it is now common practice. This ballot makes that best practice
> required, which will make the Web PKI much more robust against all
> future weaknesses in hash functions. Additionally, it replaces
> "entropy" with "CSPRNG" to make the requirement clearer and easier to
> audit, and clarifies that the serial number must be positive.
>
> *-- Motion Begins --*
>
> In Section 1.6.1 of the Baseline Requirements,
>
> ADD
>
> CSPRNG: A random number generator intended for use in cryptographic
> system.
>
> In Section 7.1 of the Baseline Requirements,
>
> REPLACE
>
> "CAs SHOULD generate non-sequential Certificate serial numbers that
> exhibit at least 20 bits of entropy."
>
> WITH
>
> "Effective September 30, 2016, CAs SHALL generate Certificate serial
> numbers greater than zero (0) containing at least 64 bits of output
> from a CSPRNG."
>
> *-- Motion Ends --*
>
> The review period for this ballot shall commence immediately, and will
> close at 2200 UTC on 1 July 2016. Unless the motion is withdrawn
> during the review period, the voting period will start immediately
> thereafter and will close at 2200 UTC on 8 July 2016. Votes must be
> cast by posting an on-list reply to this thread.
>
> A vote in favor of the motion must indicate a clear 'yes' in the
> response. A vote against must indicate a clear 'no' in the response. A
> vote to abstain must indicate a clear 'abstain' in the response.
> Unclear responses will not be counted. The latest vote received from
> any representative of a voting member before the close of the voting
> period will be counted. Voting members are listed here:
> https://cabforum.org/members/
>
> In order for the motion to be adopted, two thirds or more of the votes
> cast by members in the CA category and greater than 50% of the votes
> cast by members in the browser category must be in favor. Quorum is
> currently ten (10) members– at least ten members must participate in
> the ballot, either by voting in favor, voting against, or abstaining.
>
>
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160708/1cf90a0c/attachment-0003.html>
More information about the Public
mailing list