On Friday, December 19, 2014 5:15:24 PM UTC-5, Bruce wrote:
> On Friday, December 19, 2014 7:40:46 AM UTC-5, Erwann Abalea wrote:
> >
> > So far, Entrust is the last of the big CAs who still uses sequential serial
> > numbers when CABF BR and Mozilla Policy impose at least 20 bits of entropy
> > (Microsoft requires at least 64 bits).
> Entrust is in process of switching all CAs to use serial numbers with at
> least 20 bits of entropy. We will see this implemented in 2015. In the
> interim, Entrust has implemented entropy in the validity fields to mitigate a
> SHA-1 collision attack.
>
> Bruce.

Please note that our serial number implementation will meet the Microsoft requirement of at least 64 bits.

