On Friday, December 19, 2014 7:40:46 AM UTC-5, Erwann Abalea wrote:
> So far, Entrust is the last of the big CAs who still uses sequential serial
> numbers when CABF BR and Mozilla Policy impose at least 20 bits of entropy
> (Microsoft requires at least 64 bits).

Entrust is in the process of switching all CAs to use serial numbers with at least 20 bits of entropy. We will see this implemented in 2015. In the interim, Entrust has implemented entropy in the validity fields to mitigate a SHA-1 collision attack.

Bruce.

