Re: Undisclosed CA certificates

2016-04-29 Thread Peter Bowen
On Fri, Apr 29, 2016 at 7:17 PM, Matt Palmer wrote: > On Fri, Apr 29, 2016 at 05:12:28PM -0700, Peter Bowen wrote: >> On Fri, Apr 29, 2016 at 5:03 PM, Matt Palmer wrote: >> > Even more fun: what if the serial number is MD5(MMDDHHmmss)? In that >> >

Re: Undisclosed CA certificates

2016-04-29 Thread Matt Palmer
On Fri, Apr 29, 2016 at 05:12:28PM -0700, Peter Bowen wrote: > On Fri, Apr 29, 2016 at 5:03 PM, Matt Palmer wrote: > > On Fri, Apr 29, 2016 at 12:42:28AM -0700, Nick Lamb wrote: > >> There is an absolutely objective test, but it is negative. If anyone can > >> predict N-bits

Re: Undisclosed CA certificates

2016-04-29 Thread Matt Palmer
On Fri, Apr 29, 2016 at 12:42:28AM -0700, Nick Lamb wrote: > There is an absolutely objective test, but it is negative. If anyone can > predict N-bits of your next serial number then those N-bits were by > definition predictable. To give a concrete example if you issued with 16 > digit serial

[no subject]

2016-04-29 Thread Peter Bowen
I'm a little confused about the expected scope of audit reports with respect to non-Root issuers. The Mozilla CA policy says: "The term 'subordinate CA' below refers to any organization or legal entity that is in possession or control of a certificate that is capable of being used to issue new

Re: Undisclosed CA certificates

2016-04-29 Thread Man Ho (Certizen)
Thanks. I see. It's by the best effort approach. On 4/29/2016 4:29 PM, Rob Stradling wrote: > >> My understanding >> is that it gives that warning when the serial is not long enough. > > Seems so. See > https://github.com/awslabs/certlint/blob/master/lib/certlint/cablint.rb#L69 >

Re: Undisclosed CA certificates

2016-04-29 Thread Rob Stradling
On 29/04/16 09:24, Kurt Roeckx wrote: On 2016-04-29 09:42, Nick Lamb wrote: I'm sure Rob can give a more technical answer, but my understanding is that crt.sh doesn't (and probably can't) detect that individual certificates have enough entropy, instead it flags certificates based on the length

Re: Undisclosed CA certificates

2016-04-29 Thread Kurt Roeckx
On 2016-04-29 09:42, Nick Lamb wrote: I'm sure Rob can give a more technical answer, but my understanding is that crt.sh doesn't (and probably can't) detect that individual certificates have enough entropy, instead it flags certificates based on the length of the serial numbers. So it's

Re: Undisclosed CA certificates

2016-04-29 Thread Nick Lamb
On Friday, 29 April 2016 02:22:14 UTC+1, Man Ho (Certizen) wrote: > Hi Rob, > > I know that there is a discussion regarding "bits of entropy" or > "unpredictable bits" in certificate serial number. I do not familiar > with this topic, but my gut feeling is that "unpredictable bits" is >