[cabfpub] Pre-Ballot 164 - Certificate Serial Number Entropy
jsha at letsencrypt.org
Tue May 3 13:46:58 MST 2016
On Tue, May 3, 2016 at 12:49 PM, Ben Wilson <ben.wilson at digicert.com> wrote:
> What are your thoughts about language suggested on the Mozilla Dev
> Security Policy list under the topic, Undisclosed CA Certificates, “at
> least 64 bits in the certificate serial number SHALL be generated using a
There was also a sub-thread on this topic here on the CA/Browser Forum in
which I proposed similar language, along with a definition of CSPRNG as
requested by Tim:
> "CAs SHALL use a Certificate serialNumber greater than zero (0)
containing at least 64 bits of output from a CSPRNG"
> "CSPRNG: A random number generator intended for use in cryptographic
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Public