On Thu, Mar 07, 2019 at 08:47:46PM -0600, Matthew Hardeman via dev-security-policy wrote: > On Thu, Mar 7, 2019 at 8:29 PM Ryan Sleevi via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: > > Past analysis and discussion have shown the interpretation is hardly > > specific to a single CA. It was a problem quite literally publicly > > discussed during the drafting and wording of the ballot. References were > > provided to those discussions. Have you gone and reviewed them? It might be > > helpful to do so, before making false statements that mislead. > > "Effective September 30, 2016, CAs SHALL generate non-sequential > Certificate serial numbers greater than zero (0) containing at least 64 > bits of output from a CSPRNG. " [1] > > Irrespective of the discussion underlying the modifications of the BRs to > incorporate this rule, there are numerous respondent CAs of varying > operational vintage, varying size, and varying organizational complexity.
Yes, there are, and they all have a huge burden of trust placed on them. > The history underlying a rule should not be necessary to implement and > faithfully obey a rule. I absolutely agree with this. Thankfully, there is no requirement to understand the history behind the changes under discussion in order to correctly implement it. > Rather than have us theorize as to why non-compliance with this rule seems > to be so widespread, even by a number of organizations which have more > typically adhered to industry best practices, would you be willing to posit > a plausible scenario for why all of this non-compliance has gone on for so > long and by so many across so many certificates? Because, like so many other things that go on for a long time before they're discovered, nobody took a look. > Additionally, assuming a large CA with millions of issued certificates > using an actual 64-bit random serial number... Should the CA also do an > exhaustive issued-serial-number search to ensure that the to-be-signed > serial number is not off-by-one in either direction from a previously > issued certificate serial number? However implausible, if it occurred, > this would indeed result in having participated in the issuance of 2 > certificates with sequential serial numbers. Having sequential serial numbers is not problematic. Having *predictable* serial numbers is problematic. - Matt _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy