On Thursday, 10 August 2017 16:20:56 UTC+1, Jonathan Rudenberg wrote:
- Three intermediates, "TeleSec ServerPass Class 2 CA”, "Go Daddy Secure
Certificate Authority - G2”, and "Starfield Secure Certificate Authority - G2”,
(which are not in this list) appear to issue certificates with serial numbers
that are based on exactly 64 bits of entropy. This means that a small
percentage of the certificates that they issue have serial numbers that are
smaller than 8 bytes, requiring additional filtering to avoid false positives.
It would be helpful if the policy was adjusted to require serial numbers always
be at least 8 bytes before DER encoding to avoid these false positives.
Mmmm. I previously spoke out in favour of the practice of calling out
non-compliant certificates because we need CAs to be doing their best, but I
think there's also an allied element that when we're looking for problems we
too need to put the effort in.
The truth is that there is no positive test for randomness, any work in this
area is going to end up needing a judgement call, so I think inconveniencing
the CAs even a small amount with such a policy change just to make automated
testing easier isn't the right trade off. If there happens to be some future
work in this policy area and the opportunity is taken to incorporate Jonathan's
wording I have no problem with that, but I definitely don't think Mozilla
should insist on it for its own sake.
dev-security-policy mailing list