Hi,
On 29/12/17 06:24, Jakob Bohm wrote:
> 1. Do all recently issued certificates have to contain at least 64 bits
> of randomness in their serial numbers?
Yes. (References given by others.)
> 2. Is it acceptable for a CA to satisfy this requirement by generating
> random 64 bit serial
@lists.mozilla.org
> Subject: Re: Serial number length
>
> On December 29, 2017 at 12:27:35 PM, David E. Ross via dev-security-policy (
> dev-security-policy@lists.mozilla.org) wrote:
>
> On 12/28/2017 10:33 PM, Peter Bowen wrote:
> > On Thu, Dec 28, 2017 at 10:24 PM, Jakob Bohm
I was exploring what legitimate reasons/excuses there could be for a CA
to have serial numbers that happen to be 64 bits long, not good ways to
generate serial numbers.
The overall context is to propose automated tests to be run against CT
data or other certificates to detect CAs that fail to
On December 29, 2017 at 12:27:35 PM, David E. Ross via dev-security-policy (
dev-security-policy@lists.mozilla.org) wrote:
On 12/28/2017 10:33 PM, Peter Bowen wrote:
> On Thu, Dec 28, 2017 at 10:24 PM, Jakob Bohm via dev-security-policy
> wrote:
>> After
On 12/28/2017 10:33 PM, Peter Bowen wrote:
> On Thu, Dec 28, 2017 at 10:24 PM, Jakob Bohm via dev-security-policy
> wrote:
>> After looking at some real certificates both in the browser and on crt.sh, I
>> have some followup questions on certificate serial
Or just generate longer serials with random.
Which is much simpler.
On Fri, Dec 29, 2017 at 11:57 AM, Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On 29/12/2017 13:55, Nick Lamb wrote:
>
>> On Fri, 29 Dec 2017 07:24:31 +0100
>> Jakob Bohm via
On 29/12/2017 13:55, Nick Lamb wrote:
On Fri, 29 Dec 2017 07:24:31 +0100
Jakob Bohm via dev-security-policy
wrote:
3. Or would the elimination in #2 reduce the entropy of such serial
numbers to slightly less than 64 bits (since there are less than
On Fri, Dec 29, 2017 at 1:24 AM, Jakob Bohm via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> After looking at some real certificates both in the browser and on crt.sh,
> I have some followup questions on certificate serial numbers:
>
> 1. Do all recently issued
On Fri, 29 Dec 2017 07:24:31 +0100
Jakob Bohm via dev-security-policy
wrote:
> 3. Or would the elimination in #2 reduce the entropy of such serial
> numbers to slightly less than 64 bits (since there are less than
> 2**64 allowed values for all but the
On Thu, Dec 28, 2017 at 10:24 PM, Jakob Bohm via dev-security-policy
wrote:
> After looking at some real certificates both in the browser and on crt.sh, I
> have some followup questions on certificate serial numbers:
>
> 4. If the answers are yes, no, yes,