Re: Apple: Non-Compliant Serial Numbers

2019-04-05 Thread certification_authority--- via dev-security-policy
> 1. How many of the 54,583 certificates are issued to Apple owned and operated servers and services and how many not.
All impacted certificates were issued to Apple entities
> 2. What kinds of practical issues are delaying the replacement of certificates on any such Apple operated

Re: Entropy of certificate serial number

2019-04-05 Thread Lijun Liao via dev-security-policy
Hi Tim, Thanks for your reply. First to your questions: 1. The purpose of the serial number is to identify the certificate, not to make it secure. It will be used in the CRL, OCSP, etc. as an identifier. 2. Unfortunately yes, you can change the SAN and some non-critical extensions to get the same hash

RE: Entropy of certificate serial number

2019-04-05 Thread Tim Shirley via dev-security-policy
If it were possible to do what you're suggesting, there's no reason you'd need to use the serial number for it. You could just as easily add that randomness in an additional SAN, or a certificate extension that the browser didn't care about. In fact, since the BRs require SHA-256 as a minimum

Re: Entropy of certificate serial number

2019-04-05 Thread Lijun Liao via dev-security-policy
With random serial numbers an adversary does not even need to guess the serial number. Consider the following attack: the adversary finds a certificate with a weak hash algorithm. He adds his host to the SAN field, then he tries to find out a positive serial number up to 20 octets which results in

Re: Entropy of certificate serial number

2019-04-05 Thread Alex Gaynor via dev-security-policy
Hi Lijun, Entropy is required in serial numbers to protect against weak hash functions -- historically exploitation of MD5's weakness was possible because CAs used sequential serial numbers, thus allowing an attacker to pre-compute hash prefixes, because they could predict future data that would

Entropy of certificate serial number

2019-04-05 Thread Lijun Liao via dev-security-policy
In the last days, the issue related to the 63 bit serial number by using the default configuration of EJBCA popped up in many forums. Could someone please explain why the BR requires the minimal entropy to be 64 bit? Best regards Lijun