Matthew Hardeman <mharde...@gmail.com> writes:

>Can the CA's agent just request the cert, review the to-be-signed certificate
>data, and reject and retry until they land on a prime?  Then issue that
>certificate?
>
>Does current policy address that? Should it?

Yeah, you can get arbitrarily silly with this.  For example my code has always
used 8-byte serial numbers (based on the German Tank Problem, nothing to do
with the BR), it requests 9 bytes of entropy and, if the first byte of the 8
that gets used is zero, uses the surplus byte, and if that's still zero, sets it
to 1 (again nothing to do with the BR, purely as an ASN.1 encoding thing so
you always get a fixed-length value).   So there's a bias of 1/64K values.  Is
that small enough?  What if I make it 32 bits, so it's 1/4G values?  What
about 48 bits?  What if I use a variant of what you're suggesting, a >64-bit
structured value that contains 64 bits of entropy (so perhaps something using
parity bits or similar), is that valid?

As I said above, you can get arbitrarily silly with this.  I'm sure if we
looked at other CAs' code at the insane level of nitpickiness that
DarkMatter's use of EJBCA has been examined, we'd find reasons why their
implementations are non-compliant as well.

Peter.
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
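
The serial-number scheme described in the message above, as an added example that is not part of the original post and not the author's code: it builds the 8-byte serial from 9 bytes of entropy and computes the exact bias on the leading byte and the resulting min-entropy of the whole serial. The function names, the choice of the ninth byte as the surplus byte, and a uniform entropy source are assumptions.

```python
import math
import secrets
from fractions import Fraction


def make_serial(entropy: bytes) -> bytes:
    """Build an 8-byte serial from 9 bytes of entropy, as the message describes.

    Assumption: bytes 0..7 are the serial and byte 8 is the surplus byte.
    """
    if len(entropy) != 9:
        raise ValueError("expected 9 bytes of entropy")
    first, surplus = entropy[0], entropy[8]
    if first == 0:
        # Use the surplus byte; if that is zero as well, force the value 1.
        first = surplus or 1
    return bytes([first]) + entropy[1:8]


def first_byte_distribution() -> dict[int, Fraction]:
    """Exact distribution of the leading byte over all (first, surplus) pairs."""
    counts = [0] * 256
    for first in range(256):
        for surplus in range(256):
            sample = bytes([first]) + bytes(7) + bytes([surplus])
            counts[make_serial(sample)[0]] += 1
    return {value: Fraction(count, 65536) for value, count in enumerate(counts)}


def serial_min_entropy_bits() -> float:
    """Min-entropy of the serial: biased leading byte plus 56 uniform bits."""
    p_max = max(first_byte_distribution().values())
    return -math.log2(p_max) + 56


if __name__ == "__main__":
    dist = first_byte_distribution()
    print("sample serial:", make_serial(secrets.token_bytes(9)).hex())
    print("P(first=0) =", dist[0])
    print("P(first=1) =", dist[1], " P(first=2) =", dist[2])
    print("min-entropy bits:", round(serial_min_entropy_bits(), 4))
```

The forced-to-1 fallback is reached by exactly one of the 65536 (first, surplus) pairs, and the leading byte can never be zero, so the serial's min-entropy comes out slightly under 64 bits.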
