On Thursday, 10 August 2017 16:20:56 UTC+1, Jonathan Rudenberg  wrote:
 - Three intermediates, "TeleSec ServerPass Class 2 CA”, "Go Daddy Secure 
Certificate Authority - G2”, and "Starfield Secure Certificate Authority - G2”, 
(which are not in this list) appear to issue certificates with serial numbers 
that are based on exactly 64 bits of entropy. This means that a small 
percentage of the certificates that they issue have serial numbers that are 
smaller than 8 bytes, requiring additional filtering to avoid false positives. 
It would be helpful if the policy was adjusted to require serial numbers always 
be at least 8 bytes before DER encoding to avoid these false positives.

Mmmm. I previously spoke out in favour of the practice of calling out 
non-compliant certificates because we need CAs to be doing their best, but I 
think there's also an allied element that when we're looking for problems we 
too need to put the effort in.

The truth is that there is no positive test for randomness, any work in this 
area is going to end up needing a judgement call, so I think inconveniencing 
the CAs even a small amount with such a policy change just to make automated 
testing easier isn't the right trade off. If there happens to be some future 
work in this policy area and the opportunity is taken to incorporate Jonathan's 
wording I have no problem with that, but I definitely don't think Mozilla 
should insist on it for its own sake.
dev-security-policy mailing list

Reply via email to