On Mon, Feb 25, 2019 at 02:11:40AM +0000, Scott Rea via dev-security-policy wrote:
> My anticipation is that what happens is that CSPRNG process is repeated
> until a positive INTEGER is returned. In which case a 64-bit output from
> a CSPRNG is contained in the serialNumber as is required.

That is not any better than just setting the MSB to zero. Imagine if a CA said "we generate a 64-bit serial by getting values from the CSPRNG repeatedly until the value is one greater than the previously issued certificate, and use that as the serial number." It's hard to imagine that that would be considered sufficient, and it's fundamentally the same as the process you're describing.

> Please note, the requirement is not a 64-bit number, but that a 64-bit
> output from a CSPRNG process is contained in the serialNumber, and we
> believe this is exactly what is happening.

If the process is repeatedly asking for a value from the CSPRNG until it gets one it "likes", then no, you're not using 64 bits of output from a CSPRNG. The value may be 64 bits long, but not all 64 of those bits came from the CSPRNG -- some of the bits came from the acceptability test, not the CSPRNG.

- Matt

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
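The point Matt makes above can be checked exactly. The following is an added illustration, not code from this thread or from any CA's issuance software; the function names and the small bit widths used for exhaustive enumeration are my own choices. It models both processes (re-draw until the draw is a positive DER INTEGER, versus clearing the MSB of one draw) and computes the entropy of each output distribution, which comes out at roughly n-1 bits in both cases rather than n.

```python
import math
import secrets


def is_positive_der_integer(value: int, bits: int) -> bool:
    """A fixed-width two's-complement INTEGER is positive iff it is nonzero
    and its most significant bit is clear."""
    return value != 0 and (value >> (bits - 1)) == 0


def serial_by_rejection(bits: int, rng=secrets.randbits) -> int:
    """The process described in the quoted mail: ask the CSPRNG for `bits`
    bits again and again until the draw happens to be a positive INTEGER.
    `rng(bits)` must return an integer in [0, 2**bits)."""
    while True:
        draw = rng(bits)
        if is_positive_der_integer(draw, bits):
            return draw


def serial_by_msb_clear(bits: int, rng=secrets.randbits) -> int:
    """The comparison Matt draws: take one CSPRNG draw and force the MSB to zero."""
    return rng(bits) & ((1 << (bits - 1)) - 1)


def entropy_bits_rejection(bits: int) -> float:
    """Exact Shannon entropy of serial_by_rejection for a uniform CSPRNG.
    Rejection sampling from a uniform source is uniform over the accepted
    set, so the entropy is log2(number of accepted raw draws).
    Enumerates all 2**bits draws, so use a small width (e.g. 8 or 12)."""
    accepted = sum(1 for v in range(1 << bits) if is_positive_der_integer(v, bits))
    return math.log2(accepted)


def entropy_bits_msb_clear(bits: int) -> float:
    """Exact Shannon entropy of serial_by_msb_clear for a uniform CSPRNG:
    the mask maps raw draws 2-to-1 onto 2**(bits-1) equally likely outputs."""
    mask = (1 << (bits - 1)) - 1
    distinct = len({v & mask for v in range(1 << bits)})
    return math.log2(distinct)


if __name__ == "__main__":
    for n in (8, 12):
        print(f"{n}-bit draw: rejection -> {entropy_bits_rejection(n):.3f} bits, "
              f"MSB cleared -> {entropy_bits_msb_clear(n):.3f} bits")
    # For the 64-bit case in the thread the same arithmetic gives
    # log2(2**63 - 1) and log2(2**63), i.e. about 63 bits for either process.
```

Scaling the enumeration to 64 bits is not needed: the accepted set for rejection is exactly the 2^63 - 1 positive values, so its entropy is log2(2^63 - 1), a hair under 63 bits, and the masked process gives exactly 63.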