Right, you are correct, 64 bits.

-----Original Message-----
From: Gervase Markham [mailto:[email protected]]
Sent: Tuesday, November 8, 2016 6:09 AM
To: Doug Beattie <[email protected]>; [email protected]
Subject: Re: Implementing a SHA-1 ban via Mozilla policy

On 07/11/16 15:34, Doug Beattie wrote:
> I'd prefer a requirement for long serial numbers over a total ban on
> SHA-1 Sub CAs. The BRs state 112 bits of entropy, so I'd recommend
> using that for non BR certificates (assuming client applications don't
> have issues with that).

Actually, the BRs state 64 bits of entropy in the serial number, in section 7.1. The bit you are thinking of which states 112 is for Random Values used in validation.

Gerv
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy

