[cabfpub] Pre-Ballot 164 - Certificate Serial Number Entropy

Fotis Loukos fotisl at it.auth.gr
Tue May 3 13:16:17 UTC 2016



On 04/28/2016 11:53 PM, Jacob Hoffman-Andrews wrote:
> On Fri, Apr 22, 2016 at 9:01 AM, Tim Hollebeek <THollebeek at trustwave.com
> <mailto:THollebeek at trustwave.com>> wrote:
> 
>     This is why I proposed and continue to support an actual
>     definition.  If people don’t like my definition, I’m open to
>     improvements.  I don’t think it should be too hard to come up with
>     one that excludes the four examples Doug mentioned, and I think mine
>     currently does.
> 
> 
> I think we're unlikely to conclusively define entropy in a way that
> auditors can reasonably measure. What we want to do here is rule out
> solutions that are obviously wrong. How about this:
> 
> "CAs SHALL use a Certificate serialNumber greater than zero (0)
> containing at least 64 bits of output from a CSPRNG"
> 
> "CSPRNG: A random number generator intended for use in cryptographic system"

Wouldn't this prohibit the usage of a true RNG, such as a Geiger-Muller
tube detecting radioactive decay, measurement of cosmic background
radiation or any quantum phenomena? I know that these RNGs aren't that
popular, but why limit them?

Fotis

> 
> This rules out things like GUID, which are easy to verify as not
> intended for use in a cryptographic system
> <https://blogs.msdn.microsoft.com/oldnewthing/20120523-00/?p=7553>,
> without creating a cryptanalytic test for whether something qualifies as
> a CSPRNG.
> 
> That said, I still think it would be sufficient to continue to use
> "entropy" without further definition, and if we can't settle on a good
> definition soon, we should proceed with that approach.
> 
> 
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
> 



More information about the Public mailing list