On Fri, Apr 29, 2016 at 7:17 PM, Matt Palmer wrote:
> On Fri, Apr 29, 2016 at 05:12:28PM -0700, Peter Bowen wrote:
>> On Fri, Apr 29, 2016 at 5:03 PM, Matt Palmer wrote:
>> > Even more fun: what if the serial number is MD5(MMDDHHmmss)? In that
>> >
On Fri, Apr 29, 2016 at 05:12:28PM -0700, Peter Bowen wrote:
> On Fri, Apr 29, 2016 at 5:03 PM, Matt Palmer wrote:
> > On Fri, Apr 29, 2016 at 12:42:28AM -0700, Nick Lamb wrote:
> >> There is an absolutely objective test, but it is negative. If anyone can
> >> predict N-bits
On Fri, Apr 29, 2016 at 12:42:28AM -0700, Nick Lamb wrote:
> There is an absolutely objective test, but it is negative. If anyone can
> predict N-bits of your next serial number then those N-bits were by
> definition predictable. To give a concrete example if you issued with 16
> digit serial
I'm a little confused about the expected scope of audit reports with
respect to non-Root issuers.
The Mozilla CA policy says:
"The term 'subordinate CA' below refers to any organization or legal
entity that is in possession or control of a certificate that is
capable of being used to issue new
Thanks. I see. It's by the best effort approach.
On 4/29/2016 4:29 PM, Rob Stradling wrote:
>
>> My understanding
>> is that it gives that warning when the serial is not long enough.
>
> Seems so. See
> https://github.com/awslabs/certlint/blob/master/lib/certlint/cablint.rb#L69
>
On 29/04/16 09:24, Kurt Roeckx wrote:
On 2016-04-29 09:42, Nick Lamb wrote:
I'm sure Rob can give a more technical answer, but my understanding is
that crt.sh doesn't (and probably can't) detect that individual
certificates have enough entropy, instead it flags certificates based
on the length
On 2016-04-29 09:42, Nick Lamb wrote:
I'm sure Rob can give a more technical answer, but my understanding is that
crt.sh doesn't (and probably can't) detect that individual certificates have
enough entropy, instead it flags certificates based on the length of the serial
numbers. So it's
On Friday, 29 April 2016 02:22:14 UTC+1, Man Ho (Certizen) wrote:
> Hi Rob,
>
> I know that there is a discussion regarding "bits of entropy" or
> "unpredictable bits" in certificate serial number. I am not familiar
> with this topic, but my gut feeling is that "unpredictable bits" is
>