Hi, On 29/12/17 06:24, Jakob Bohm wrote: > 1. Do all recently issued certificates have to contain at least 64 bits > of randomness in their serial numbers?
Yes. (References given by others.) > 2. Is it acceptable for a CA to satisfy this requirement by generating > random 64 bit serial numbers and checking if there is a certificate > with that random serial before using it? IMO Yes. The requirement is specifically to include 64 bits of output from a CSPRNG. Bits don't stop being from a CSPRNG just because they've compared unequally with a list of other sets of bits. > 3. Or would the elimination in #2 reduce the entropy of such serial > numbers to slightly less than 64 bits (since there are less than 2**64 > allowed values for all but the first such certificate)? Technically, it would, but I don't think that's a problem as the requirement is written, and I don't think it's a problem in practice because the entropy reduction is so slight and the error margin is intentionally large. 2^64 is 18,446,744,073,709,552,000. Even if you issue a billion certificates, the entropy reduction is 0.0000001%. (May be off by an order of mag. or two, but roughly that.) Gerv _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
