On Mon, Mar 11, 2019 at 10:00 AM Daymion Reynolds via dev-security-policy < [email protected]> wrote:
> Glad you agree 64bit serial numbers can have no fixed bits, as a fixed bit > in a 64 bit serial number would result in less than 64 bits of entropy. If > you are going to fix a significant bit it must be beyond the 64th bit. If > your 64 bit serial number does not contain 1's in the significant byte, as > long as you still write 64 full bits of data to the cert with 0's left > padded, then the desired entropy is achieved and is valid. CAs should keep > this in mind while building their revocation lists. > You can't left pad with zeros in DER. DER requires that the maximum padding is a leading zero to set the sign, otherwise no leading zeros. You could go for more than 64 bit serial length and set the upper bits to 01 to avoid the issue, so the most significant byte is between 64 - 127 inclusive. You would need to have at least 9 octets for serial number, but this is no more than what you have 50% of the time now. Thanks, Peter _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
