Matthew Hardeman via dev-security-policy <[email protected]> writes:
>shall be 0x75 Not 0x71? >If anyone thinks any of this has merit, by all means run with it. Sounds good, and saves me having to come up with something (the bitsort(CSPRNG64()) nonsense took enough time to type up). The only thing I somewhat disagree with is #3, since this is now very concise and requires "the first 64 bits of output" you can just make it a CSPRNG, which is well- understood and presumably available to any CA, since it's a standard feature of all HSMs. Peter. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
