On Fri, Apr 29, 2016 at 7:17 PM, Matt Palmer <mpal...@hezmatt.org> wrote:
> On Fri, Apr 29, 2016 at 05:12:28PM -0700, Peter Bowen wrote:
>> On Fri, Apr 29, 2016 at 5:03 PM, Matt Palmer <mpal...@hezmatt.org> wrote:
>> > Even more fun: what if the serial number is MD5(YYYYMMDDHHmmss)? In that
>> > case, comparing two serial numbers makes them all *look* awesomely random,
>> > until someone figures out "the secret", at which point pretty much all the
>> > bits are predictable, even though there's no "obvious" pattern from
>> > examining the serials themselves.
>>
>> What if the serial number is HMAC-MD5(SecretStaticKey,
>> YYYYMMDDHHmmss)? Or AES encryption of the timestamp?
>>
>> This is why there are human auditors. They can ask the CA how they
>> are generating the serial numbers. That is the only way that this can
>> ever be verified.
>
> Yes, that's my point. It is entirely pointless to examine the sausages once
> they're sitting on the shelf.
Think about it more like home inspectors. They can tell you if something is wrong but cannot guarantee it is right.

https://crt.sh/?Identity=%25&iCAID=535 is an example of either the worst RNG ever or not using a RNG. I'd say that is wrong.

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
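Added example, not part of the thread or of any CA's code: a small simulation of the "home inspector" point above. It generates serial numbers three ways (a plain counter, the "not using a RNG" case; MD5 of a YYYYMMDDHHmmss timestamp, the scheme from Matt Palmer's message; and CSPRNG output), runs the kind of checks an outside observer can do on serials "on the shelf", and then runs the check an auditor can do once the generation scheme is known. The issuance times, the 128-bit serial width, the names `shelf_check`/`looks_wrong`/`auditor_recovers` and the thresholds inside them are all assumptions made for illustration. Predictable serials are a security problem in their own right, since a chosen-prefix collision against a CA's signature needs to predict the serial of the next certificate.

```python
# Added example (not from the thread): what an outside observer can and
# cannot learn from certificate serial numbers "on the shelf".
import hashlib
import secrets
from datetime import datetime, timedelta

# Constructed issuance times: one certificate every 7 minutes (assumption).
START = datetime(2016, 4, 29, 17, 0, 0)
ISSUE_TIMES = [START + timedelta(minutes=7 * i) for i in range(40)]

SERIAL_BITS = 128  # assumed serial width for the hashed and random schemes


def serial_counter(i: int) -> int:
    """Plain counter: no RNG at all, the case the crt.sh listing suggests."""
    return 0x1000 + i


def serial_md5_of_timestamp(ts: datetime) -> int:
    """The hypothetical MD5(YYYYMMDDHHmmss) scheme from the thread.
    The output looks random but is a pure function of the issuance time."""
    digest = hashlib.md5(ts.strftime("%Y%m%d%H%M%S").encode()).digest()
    return int.from_bytes(digest, "big")


def serial_random() -> int:
    """CSPRNG output, which is what a CA should actually use."""
    return int.from_bytes(secrets.token_bytes(SERIAL_BITS // 8), "big")


def counter_serials():
    return [serial_counter(i) for i in range(len(ISSUE_TIMES))]


def md5_serials():
    return [serial_md5_of_timestamp(t) for t in ISSUE_TIMES]


def random_serials():
    return [serial_random() for _ in ISSUE_TIMES]


def shelf_check(serials):
    """Heuristics computable from the serials alone, in issuance order.
    A counter trips them; hashed timestamps and real randomness both pass."""
    gaps = [b - a for a, b in zip(serials, serials[1:])]
    small_gap_fraction = sum(1 for g in gaps if 0 < g < 2 ** 16) / len(gaps)
    mean_bits = sum(s.bit_length() for s in serials) / len(serials)
    ones = sum(bin(s).count("1") for s in serials)
    ones_fraction = ones / (SERIAL_BITS * len(serials))
    return {
        "small_gap_fraction": small_gap_fraction,  # near 1.0 for a counter
        "mean_bits": mean_bits,                    # ~13 for a counter, ~127 otherwise
        "ones_fraction": ones_fraction,            # ~0.5 for anything hash- or RNG-shaped
    }


def looks_wrong(report) -> bool:
    """Home-inspector verdict: can flag a problem, cannot certify absence of one.
    Thresholds are illustrative assumptions."""
    return (
        report["small_gap_fraction"] > 0.5
        or report["mean_bits"] < SERIAL_BITS / 2
        or not 0.4 < report["ones_fraction"] < 0.6
    )


def auditor_recovers(serial: int, approx_issue_time: datetime,
                     window_seconds: int = 3600) -> bool:
    """What becomes possible once "the secret" (here, the scheme itself) is
    known: recompute MD5 over a window around the certificate's notBefore and
    see whether the serial falls out. Succeeds for MD5(timestamp), fails for
    CSPRNG output, and would also fail for HMAC(secret key, timestamp) without
    the key, which is why only asking the CA settles the question."""
    for delta in range(-window_seconds, window_seconds + 1):
        candidate = approx_issue_time + timedelta(seconds=delta)
        if serial_md5_of_timestamp(candidate) == serial:
            return True
    return False


if __name__ == "__main__":
    for name, serials in (("counter", counter_serials()),
                          ("md5(timestamp)", md5_serials()),
                          ("csprng", random_serials())):
        report = shelf_check(serials)
        print(f"{name:15s} {report}  looks_wrong={looks_wrong(report)}")
    # The shelf check passes MD5(timestamp); the auditor's check does not.
    print("auditor recovers md5 serial:   ",
          auditor_recovers(md5_serials()[3], ISSUE_TIMES[4]))
    print("auditor recovers random serial:",
          auditor_recovers(serial_random(), ISSUE_TIMES[4]))
```

Run as a script, the counter is flagged by every heuristic while the MD5(timestamp) serials and the CSPRNG serials both pass `looks_wrong`, which is the "cannot guarantee it is right" half of the inspector analogy. `auditor_recovers` then finds the MD5 serial from a notBefore that is off by seven minutes, showing that the bits were predictable all along; with a keyed construction such as HMAC-MD5 or AES over the timestamp even that brute force gets nowhere without the key, so the only remaining check is the one in the quoted message: ask the CA.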