In message <[EMAIL PROTECTED]> on Sun, 10 Oct 2004 18:16:21 -0700, Eric Rescorla 
<[EMAIL PROTECTED]> said:

ekr> Does anyone know the details of the certificate generation
ekr> algorithms used by various CAs?

Variants I've heard of are:

 - A simple counter starting at 0 (well, actually, I know this one, as
   that's what OpenSSL does :-))
 - A simple counter starting with a random value (OpenSSL has an
   option for this).
 - A time-based value (I don't recall who did that)
 - A hash of some sort (I believe Verisign does that, among others)

-----
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.

-- 
Richard Levitte   \ Tunnlandsvägen 52 \ [EMAIL PROTECTED]
[EMAIL PROTECTED]  \ S-168 36  BROMMA  \ T: +46-708-26 53 44
                    \      SWEDEN       \
Procurator Odiosus Ex Infernis                -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

-----------------------------------------------------------------
A: Because it fouls the order in which people normally read text. 
Q: Why is top-posting such a bad thing? 
A: Top-posting. 
Q: What is the most annoying thing on usenet and in e-mail?

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to