On 2016-11-08 17:18, Gervase Markham wrote:
RFC 3797 has a handy mechanism called "verifiable random selection",
which allows you to make a random selection from a list that can be
publicly verified as random. And, even more handily, I've written an
implementation of it in JavaScript:
http://www.gerv.net/hacking/vrs/
We would choose 3 certs from the list as it exists every Monday at 2pm
UK time, using the following sources of randomness for the algorithm:
1) UK National Lottery "Lotto" numbers, not including bonus ball
2) UK National Lottery "Thunderball" numbers, not including Thunderball
3) UK National Lottery "Lotto Hotpicks" numbers
All would be from the draws which take place on the Saturday preceding
the Monday in question. https://www.national-lottery.co.uk/results
We also need to have a sorted list of them. I guess the list of crt.sh
is acceptable. Sorting could for instance been done by sorting based on
the SHA256.
Kurt
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
