I wrote: As I said above, you can get arbitrarily silly with this. I'm sure if we looked at other CA's code at the insane level of nitpickyness that DarkMatter's use of EJBCA has been examined, we'd find reasons why their implementations are non-compliant as well.
Seconds after sending it, this arrived: As of 9pm AZ on 3/6/2019 GoDaddy started researching the 64bit certificate Serial Number issue. We have identified a significant quantity of certificates (> 1.8million) not meeting the 64bit serial number requirement. I rest my case. Oh, and the BR's need an update so that half the CAs on the planet aren't suddenly non-BR compliant based on the DarkMatter-specific interpretation. Peter. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
