On Friday, March 8, 2019 at 6:05:05 PM UTC-6, Ryan Sleevi wrote: > You're absolutely correct that two certificates, placed next to eachother, > could appear sequential. Someone might then make a claim that the CA has > violated the requirements. The CA can then respond by discussing how they > actually validate serial numbers, and the whole matter can be dismissed as > compliant.
Let's set aside certificates for a moment and talk about serial numbers, elsewhere definitionally defined as positive integers. Certificate serial number A (represented as plain unencoded integer): 123456 Certificate serial number B (represented as plain unencoded integer): 123457 Can we agree that those two numbers are factually provable as sequential as pertains integer mathematics? If so, then regardless of when (or in what order) two different certificates arise in which those serial numbers feature, as long as they arise as certificates issued by the same issuing CA, two certificates with definitionally sequential numbers have at that point been issued. Pursuant to the plain language of 7.1 as written, that circumstance -- regardless of how it would occur -- would appear to be a misissuance. I concur with you fully that a CA (and anyone, really) should view the BRs with an adversarial approach to review. The rule as written requires that the output bits have come from a CSPRNG. But it doesn't say that they have to come from a single invocation of a CSPRNG or that they have to be collected as a contiguous bit stream from the CSPRNG with no bits of output from the CSPRNG discarded and replaced by further invocation of the CSPRNG. Clearly a technicality, but shouldn't the rules be engineered with the assumption that implementers (or their software vendors) might take a different interpretation? _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
