On Tuesday, March 12, 2019 at 9:54:56 AM UTC-7, ad...@adamcaudill.com wrote:
> Daymion,
> 
> You linked to a thread in m.d.s.p and cited it as confirming a specific 
> interpretation of 7.1 - as that's a long thread (with some possible 
> questionable information), could you possibly share what criteria you used to 
> determine what certificates were impacted by this issue and which ones were 
> not? Seeing a reduction from >1.8M to 12k is a substantial difference, and 
> thus is bound to make participants curious.
> 
> I think that would be very helpful to ensure that everyone is on the same 
> page about what is and isn't compliant with 7.1.
> 
> Thanks
> 
> On Tuesday, March 12, 2019 at 12:28:11 PM UTC-4, Daymion Reynolds wrote:
> > As of 9pm AZ on 3/6/2019 GoDaddy started researching the 64-bit certificate 
> > Serial Number issue. Due to a m.d.s.p.[1] discussion validating an 
> > interpretation of BR 7.1, our revised count is approximately 12,152 live 
> > certificates not meeting the 64-bit serial number requirement.  
> > Additionally, we have identified 273,784 “orphaned” certificates meeting 
> > the initial interpretation of BR 7.1. Orphaned certificates are certs 
> > which were stopped mid-issuance due to a variety of reasons like requestor 
> > cancellation, system errors, etc. These certs are most often 
> > pre-certificates, but some are leaf certificates which were logged to CT 
> > but never received by the certificate requestor. 
> > ...
> > [1] 
> > https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/7WuWS_20758


The crux of the difference is in the DER format interpretation. The fact is that 
prefix (0)s do count for entropy, provided none of the bits are fixed and you have 
a minimum of 8 bytes in the serial. We discuss this in the Mozilla post on 
3/11/2019.

In the DER format, the first two (0)s of the value are the positive sign of the 
integer. In our case, if the unsigned integer value is 64-bit and the most 
significant bit is set, two additional (0)s will be prepended to demonstrate a 
positive sign. In this case it will be 9 bytes instead of 8 bytes. There is always 
a minimum of 8 bytes (64 bits) of entropy. You do still have to manage zero 
compression for integer values less than 72057594037927936, which will result 
in 7 bytes instead of 8 bytes.

Hope this helps.
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
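The DER behaviour described in the reply above, worked through as an added example (this is not code from the thread, from GoDaddy, or from Mozilla): an ASN.1 INTEGER is encoded with its minimal big-endian content octets, and a single 0x00 octet (the "two (0)s" in hex) is prepended only when the first content octet has its top bit set, so a 64-bit CSPRNG value occupies 9 content octets half the time, 8 most of the rest, and 7 when it falls below 2**55. The function names and the serial values are the example's own; `secrets.randbits` stands in for the CA's CSPRNG.

```python
"""Added example (not from the thread): DER encoding of CA serial numbers.

Shows why a 64-bit CSPRNG value encodes as 7, 8 or 9 content octets, and how
the share of 9-octet encodings over a corpus reveals whether the top bit is
ever set. Function names are the example's own; serial values are constructed.
"""
import secrets

TWO_POW_56 = 72057594037927936  # 2**56, the threshold quoted in the reply


def der_encode_integer(value: int) -> bytes:
    """DER encoding of a non-negative INTEGER (tag 0x02, short-form length)."""
    if value < 0:
        raise ValueError("serial numbers must be non-negative")
    # Minimal big-endian content; DER forbids redundant leading 0x00 octets
    content = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    # A first octet with bit 7 set would read as negative, so prepend 0x00
    # (the "two (0)s" of the reply are this one octet written in hex)
    if content[0] & 0x80:
        content = b"\x00" + content
    if len(content) > 127:
        raise ValueError("CA serials are at most 20 octets; long-form length not needed")
    return bytes([0x02, len(content)]) + content


def der_decode_integer(der: bytes) -> int:
    """Inverse of der_encode_integer; rejects non-minimal or negative values."""
    if len(der) < 3 or der[0] != 0x02 or der[1] != len(der) - 2:
        raise ValueError("not a short-form DER INTEGER")
    content = der[2:]
    if len(content) > 1 and content[0] == 0x00 and not content[1] & 0x80:
        raise ValueError("non-minimal encoding: redundant leading 0x00")
    if content[0] & 0x80:
        raise ValueError("negative INTEGER is not a valid serial")
    return int.from_bytes(content, "big")


def is_valid_der_serial(der: bytes) -> bool:
    """True when der is a minimal, non-negative DER INTEGER."""
    try:
        der_decode_integer(der)
        return True
    except ValueError:
        return False


def describe_serial(value: int) -> dict:
    """Content length, whether the 0x00 sign pad is present, and value octets."""
    content = der_encode_integer(value)[2:]
    padded = len(content) > 1 and content[0] == 0x00
    return {
        "content_len": len(content),
        "sign_padded": padded,
        "value_bytes": len(content) - int(padded),
    }


def fraction_longer_than(serials, nbytes: int = 8) -> float:
    """Share of serials whose DER content exceeds nbytes octets.

    A 64-bit value needs 9 octets exactly when its top bit is set, so for a
    generator that really emits 64 random bits this is about 0.5. A corpus
    where it is 0 never had the top bit set: the generator fixed that bit.
    """
    serials = list(serials)
    longer = sum(describe_serial(s)["content_len"] > nbytes for s in serials)
    return longer / len(serials)


def simulate_fraction_longer(bits: int, n: int = 4000) -> float:
    """fraction_longer_than() over n fresh CSPRNG serials of the given width."""
    return fraction_longer_than(secrets.randbits(bits) for _ in range(n))


if __name__ == "__main__":
    samples = [("2**55 - 1", 2**55 - 1), ("2**56 - 1", TWO_POW_56 - 1),
               ("2**63 - 1", 2**63 - 1), ("2**63", 2**63), ("2**64 - 1", 2**64 - 1)]
    for label, v in samples:
        print(f"{label:>10}: {der_encode_integer(v).hex()}  {describe_serial(v)}")
    print("64-bit output, share of 9-octet encodings:", simulate_fraction_longer(64))
    print("63-bit output, share of 9-octet encodings:", simulate_fraction_longer(63))
```

Two details matter when auditing a corpus with this. First, the 7-octet case from the reply applies to values below 2**55: between 2**55 and 2**56 the value itself still fits in 7 octets, but the sign pad brings the content back to 8, which is why `describe_serial` reports value octets separately from content length. Second, the length of any single serial says nothing about how many random bits produced it; what does is the distribution across many serials, and a generator that never yields a 9-octet encoding has a fixed top bit, which is the 63-bit situation the thread is about.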
