Is the problem that there isn't an atomic "get next serial#" function?
Turning the serial# into a timestamp narrows the window, but doesn't close it, particularly on SMP machines. Using a big random number closes it, but will probably inconvenience, confuse, etc., all those who assume the serial# fits in a C long. (Yes, those folks have non-robust code, but for their applications you can't really claim it's broken.)

/r$

--
Rich Salz, Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
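One way an atomic "get next serial#" could look, as an added example that is not part of the original message and not OpenSSL code: an exclusive `flock()` is held across the whole read-increment-write of a hex counter file, and a constructed multi-process stress test checks that no serial is handed out twice. The names `next_serial` and `stress` and the counter-file layout are assumptions made for illustration.

```c
#define _GNU_SOURCE /* for pread/pwrite/fsync under strict -std modes */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/file.h>
#include <sys/wait.h>
#include <unistd.h>

/* Reserve the next serial from a hex counter file (hypothetical helper).
 * The lock covers read, increment and write, so two issuers can never be
 * handed the same value. A new (empty) file starts the sequence at 1. */
int next_serial(const char *path, unsigned long long *out)
{
    char buf[32] = {0};
    int len, ok = -1, fd = open(path, O_RDWR | O_CREAT, 0600);
    if (fd < 0)
        return -1;
    if (flock(fd, LOCK_EX) == 0) {
        ssize_t n = pread(fd, buf, sizeof(buf) - 1, 0);
        unsigned long long cur = (n > 0) ? strtoull(buf, NULL, 16) : 1;
        len = snprintf(buf, sizeof(buf), "%llX\n", cur + 1);
        /* cur == 0 means unparsable content; cur + 1 == 0 means wrap. */
        if (n >= 0 && cur != 0 && cur + 1 != 0 &&
            pwrite(fd, buf, (size_t)len, 0) == len && fsync(fd) == 0) {
            *out = cur;
            ok = 0;
        }
    }
    close(fd); /* closing the descriptor also releases the lock */
    return ok;
}

/* Constructed stress test: returns the next free serial, or 0 on failure. */
unsigned long long stress(const char *path, int procs, int each)
{
    unsigned long long s = 0;
    int i, j, status, bad = 0;
    unlink(path);
    for (i = 0; i < procs; i++) {
        pid_t pid = fork();
        bad |= (pid < 0);
        if (pid == 0) {
            for (j = 0; j < each && next_serial(path, &s) == 0; j++)
                ;
            _exit(j != each);
        }
    }
    while (wait(&status) > 0)
        bad |= !WIFEXITED(status) || WEXITSTATUS(status) != 0;
    return (bad || next_serial(path, &s) != 0) ? 0 : s;
}
```

If any two processes had read the same counter value, fewer distinct serials would have been consumed and `stress()` would return a value lower than `procs * each + 1`.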