-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I think that part of the difficulty here is the words used. Our
experience in other areas is overwhelmingly in favor of serial number
being a sample from a counter that starts at 0 or 1 and is incremented by
1 every time it's consulted. So we see a
Bonjour,
Hodie pr. Kal. Mar. MMVI est, Mark H. Wood scripsit:
I think that part of the difficulty here is the words used. Our
experience in other areas is overwhelmingly in favor of serial number
being a sample from a counter that starts at 0 or 1 and is incremented by
1 every time it's
Bonjour,
Hodie IV Kal. Mar. MMVI est, Kyle Hamilton scripsit:
[...]
Can you give me a pointer to the several standards that reflect and
enforce the issuer name + serial number uniqueness? A more
The X.509 says it all.
From this standard, a CA is a name (not a key, really a name). That
allows
Bonjour,
Hodie IV Kal. Mar. MMVI est, Dr. Stephen Henson scripsit:
[... about serial numbers ...]
Some CAs choose consecutive values, other what look like random values of
hashes.
One commercial reason for not using consecutive values is that competitors can
work out how many certificates
On Sun, Feb 26, 2006, Erwann ABALEA wrote:
Bonjour,
Hodie IV Kal. Mar. MMVI est, Dr. Stephen Henson scripsit:
[... about serial numbers ...]
Some CAs choose consecutive values, other what look like random values of
hashes.
One commercial reason for not using consecutive values is
On Sun, Feb 26, 2006, Dr. Stephen Henson wrote:
On Sun, Feb 26, 2006, Erwann ABALEA wrote:
The CA has the possibility to change the name of the issued
certificate, by adding a random element (a kind of serial number), but
this isn't usually well percieved (the customer always asks for