How does the diffusion of early toBeSigned entropy create value for an event performed once?
-----Original Message----- From: dev-security-policy [mailto:dev-security-policy-bounces+steve.medin=verizonbusiness....@lists.mo zilla.org] On Behalf Of Kurt Roeckx Sent: Monday, February 08, 2016 4:32 PM To: Kathleen Wilson Cc: mozilla-dev-security-pol...@lists.mozilla.org Subject: Re: New requirement: certlint testing On Mon, Feb 08, 2016 at 12:42:46PM -0800, Kathleen Wilson wrote: > > One topic currently under discussion in Bug #1201423 is regarding root > certificates with serial number of 0. The error being returned by > http://cert-checker.allizom.org/ is "Serial number must be positive". I think a root CA is a certificate like any other, it just happens to sign itself. So I think it should follow the rules for every other certificate it signs, including that the serial must be unique and positive, and non-sequential and contain at least 20 bit of entropy. Kurt _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy