On 07/11/16 15:34, Doug Beattie wrote:
> I'd prefer a requirement for long serial numbers over a total ban on
> SHA-1 Sub CAs. The BRs state 112 bits of entropy, so I'd recommend
> using that for non BR certificates (assuming client applications
> don't have issues with that).

Actually, the BRs state 64 bits of entropy in the serial number, in
section 7.1. The bit you are thinking of which states 112 is for Random
Values used in validation.

Gerv

_______________________________________________
dev-security-policy mailing list
https://lists.mozilla.org/listinfo/dev-security-policy