On Mon, Feb 08, 2016 at 12:42:46PM -0800, Kathleen Wilson wrote: > > One topic currently under discussion in Bug #1201423 is regarding root > certificates with serial number of 0. The error being returned by > http://cert-checker.allizom.org/ is "Serial number must be positive".
I think a root CA is a certificate like any other, it just happens to sign itself. So I think it should follow the rules for every other certificate it signs, including that the serial must be unique and positive, and non-sequential and contain at least 20 bit of entropy. Kurt _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
