On Tue, Mar 12, 2019 at 2:22 PM Daymion Reynolds via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote:
> The crux of the difference is in the DER format interpretation. The fact > prefix (0)s do count for entropy, provided none of the bits are fixed and > you have a minimum of 8 bytes in the serial. We discuss this in the Mozilla > post on 3/11/2019. > > For the DER format the first two (0)s of the value is the positive sign of > the integer. In our case if the un-signed integer value is 64bit and the > most significant bit is set, two additional (0)s will be prepended to > demonstrate a positive sign. In this case it will be 9bytes instead of > 8bytes. Always a minimum of 8bytes (64bits) of entropy. You do still have > to manage zero compression for integer values less than 72057594037927936, > which will result in 7bytes instead of 8bytes. > Just making sure I've got the right message - this is https://groups.google.com/d/msg/mozilla.dev.security.policy/7WuWS_20758/9OKbI4xyCQAJ correct? If viewing through groups' interface, you can click the arrow for "More Message Actions" to copy link. To make sure I understand correctly, the statement is that GoDaddy generated 64 bits of entropy prior to DER encoding. This resulted in some serials that are exactly 8 octets (or even less, depending on leading zeros and minimal encoding) and some serials that are 9 or more octets. The reduction from >1.8M certificates to 12K certificates is a statement that only those 12K certificates lacked a 64-bit entropy contribution? And possibly 273K certificates which GoDaddy does not consider issued, but otherwise made committments to issue (such as logging a pre-cert)? To provide greater clarity about this incident, could you more fully describe your serial number generation algorithm (potentially including code or pseudo-code) that can help demonstrate how this system was compliant? _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
