Re: What's the meaning of "non-sequential"? (AW: EJBCA defaulting to 63 bit serial numbers)

2019-03-12 Thread Ryan Sleevi via dev-security-policy
On Tue, Mar 12, 2019 at 2:49 PM Hector Martin 'marcan' via dev-security-policy wrote: > What I'm saying is that merely sticking to the most convenient > interpretation for you and deflecting all responsibility for how we > ended up here is not productive, and does not scream trustworthiness. >

Re: What's the meaning of "non-sequential"? (AW: EJBCA defaulting to 63 bit serial numbers)

2019-03-12 Thread Hector Martin 'marcan' via dev-security-policy
On 12/03/2019 21.10, Mike Kushner via dev-security-policy wrote: >>> There are no, and have never been any, 63 bit serial numbers created by >>> EJBCA. >> >> ... lead me to significantly reduce my trust in those making them, and >> their ability to correctly interpret security-critical standards

Re: What's the meaning of "non-sequential"? (AW: EJBCA defaulting to 63 bit serial numbers)

2019-03-12 Thread Ryan Sleevi via dev-security-policy
On Tue, Mar 12, 2019 at 12:07 PM Mike Kushner via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > Unless you're going under the presumption that the MSB doesn't count as a > part of the serial number (and I've never seen an RFC or requirement > pointing to that being the

Re: What's the meaning of "non-sequential"? (AW: EJBCA defaulting to 63 bit serial numbers)

2019-03-12 Thread Mike Kushner via dev-security-policy
> I think when it comes to specifications with cryptographic relevance (as > unpredictable serials are), less is more; the more inflexible and > unambiguous the spec is, the less likely it will be "creatively > interpreted" in a manner that bypasses the whole point. To someone with > crypto

Re: What's the meaning of "non-sequential"? (AW: EJBCA defaulting to 63 bit serial numbers)

2019-03-12 Thread Hector Martin 'marcan' via dev-security-policy
On 12/03/2019 07:54, Ryan Sleevi via dev-security-policy wrote: On Mon, Mar 11, 2019 at 5:35 PM Buschart, Rufus via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: Since choice 1 is a logical consequence of "containing 64 bits of random data", I was always under the

Re: [FORGED] Re: What's the meaning of "non-sequential"? (AW: EJBCA defaulting to 63 bit serial numbers)

2019-03-11 Thread Peter Gutmann via dev-security-policy
Matthew Hardeman via dev-security-policy writes: >But, maybe "non-sequential" doesn't mean that. It's a pity a concept like >that isn't clearly objective. I assume what the text was meaning to say was "unpredictable", but it was unfortunately phrased badly, presumably as a rushed response to

Re: What's the meaning of "non-sequential"? (AW: EJBCA defaulting to 63 bit serial numbers)

2019-03-11 Thread Ryan Sleevi via dev-security-policy
On Mon, Mar 11, 2019 at 5:35 PM Buschart, Rufus via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > Since choice 1 is a logical consequence of "containing 64 bits of random > data", I was always under the impression, that choice 2 was meant by the > BRGs. If choice 1 is

AW: What's the meaning of "non-sequential"? (AW: EJBCA defaulting to 63 bit serial numbers)

2019-03-11 Thread Buschart, Rufus via dev-security-policy
> Von: Ryan Sleevi > Betreff: Re: What's the meaning of "non-sequential"? (AW: EJBCA defaulting to > 63 bit serial numbers) > > On Mon, Mar 11, 2019 at 1:18 PM Buschart, Rufus via dev-security-policy > > wrote: > > > [...] nowhere the BRGs

Re: What's the meaning of "non-sequential"? (AW: EJBCA defaulting to 63 bit serial numbers)

2019-03-11 Thread Matthew Hardeman via dev-security-policy
On Mon, Mar 11, 2019 at 12:18 PM Buschart, Rufus via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > > I really like reading this discussion about 64 vs. 63 bits and how to read > the BRGs as it shows a lot of passion by all of us in the PKI community. > Nevertheless, in

Re: What's the meaning of "non-sequential"? (AW: EJBCA defaulting to 63 bit serial numbers)

2019-03-11 Thread Ryan Sleevi via dev-security-policy
On Mon, Mar 11, 2019 at 1:18 PM Buschart, Rufus via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > Dear mdsp! > > I really like reading this discussion about 64 vs. 63 bits and how to read > the BRGs as it shows a lot of passion by all of us in the PKI community. > Never

What's the meaning of "non-sequential"? (AW: EJBCA defaulting to 63 bit serial numbers)

2019-03-11 Thread Buschart, Rufus via dev-security-policy
Dear mdsp! I really like reading this discussion about 64 vs. 63 bits and how to read the BRGs as it shows a lot of passion by all of us in the PKI community. Nevertheless, in the discussion, I miss one interesting aspect. The BRGs not only speak about 64 bits as output from a CSPRNG but
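The 64-vs-63-bit question running through this thread comes down to how a CA keeps a random serial number positive. Below is an added, self-contained Python illustration written for this page; it is not EJBCA code and not text from the BRGs. It assumes only two rules that are stated in the cited documents: RFC 5280 requires serialNumber to be a positive INTEGER of at most 20 content octets, and the BRGs require at least 64 bits of CSPRNG output in the serial. The three generator functions and the bit-variation check are hypothetical names chosen for the example; the check simply counts which bit positions ever take both values across many generated serials, which exposes a bit that has been pinned to zero.

```python
"""Added example: 64 bits of CSPRNG output vs. 63 bits after clearing the sign bit.

Not EJBCA code. Function names are illustrative assumptions for this page.
"""
import os

MAX_SERIAL_OCTETS = 20  # RFC 5280 4.1.2.2: serialNumber content is at most 20 octets
MIN_ENTROPY_BITS = 64   # the CSPRNG-output requirement discussed in the thread


def der_integer(value: int) -> bytes:
    """Encode a non-negative int as a DER INTEGER (tag 0x02).

    DER INTEGER is two's complement, so a value whose top bit is set gets a
    leading 0x00 octet. This is where positivity belongs: in the encoding,
    not in the random bits themselves.
    """
    if value < 0:
        raise ValueError("X.509 serial numbers must be positive")
    body = value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    assert len(body) < 0x80, "short-form length suffices for serial sizes"
    return bytes([0x02, len(body)]) + body


def serial_clear_msb(rand8: bytes) -> int:
    """Flawed pattern: force the top bit of 8 CSPRNG bytes to zero so the
    integer is positive. Only 63 random bits survive."""
    return int.from_bytes(rand8, "big") & ((1 << 63) - 1)


def serial_keep_all_bits(rand8: bytes) -> int:
    """Keep all 64 CSPRNG bits; der_integer() pads when the top bit is set."""
    return int.from_bytes(rand8, "big")


def serial_prefixed(rand8: bytes) -> int:
    """Alternative: a fixed non-zero prefix octet makes the value positive
    (and never zero) while leaving all 64 random bits intact."""
    return int.from_bytes(b"\x01" + rand8, "big")


def serial_content_octets(serial: int) -> int:
    """Content length of the DER INTEGER, i.e. what the 20-octet limit counts."""
    return len(der_integer(serial)) - 2


def serial_is_valid(serial: int) -> bool:
    """RFC 5280 shape check: positive, and at most 20 content octets (padding included)."""
    return serial > 0 and serial_content_octets(serial) <= MAX_SERIAL_OCTETS


def varying_bits(make_serial, samples: int = 512, rng=os.urandom) -> int:
    """Count bit positions that take both 0 and 1 across `samples` serials.

    A bit pinned to a constant (such as an MSB forced to zero, or a fixed
    prefix) contributes no entropy and is not counted. With 512 samples
    the chance of a genuinely random bit looking pinned is about 2**-511.
    """
    width_mask = (1 << (8 * MAX_SERIAL_OCTETS)) - 1
    seen0 = seen1 = 0
    for _ in range(samples):
        s = make_serial(rng(8))
        seen1 |= s
        seen0 |= ~s & width_mask
    return bin(seen0 & seen1).count("1")


if __name__ == "__main__":
    for name, gen in (("clear MSB", serial_clear_msb),
                      ("keep all bits", serial_keep_all_bits),
                      ("0x01 prefix", serial_prefixed)):
        bits = varying_bits(gen)
        sample = gen(os.urandom(8))
        print(f"{name:14s} entropy bits={bits:3d} "
              f"meets {MIN_ENTROPY_BITS}-bit requirement={bits >= MIN_ENTROPY_BITS} "
              f"content octets={serial_content_octets(sample)} "
              f"DER={der_integer(sample).hex()}")
```

Run it and the first generator reports 63 varying bits while the other two report 64; note that "keep all bits" produces a 9-octet content half the time (the 0x00 pad), which is well within the 20-octet limit and is the reason clearing the bit was never necessary.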