On Wed, Mar 13, 2019 at 5:52 AM Ryan Sleevi <[email protected]> wrote:

> On Tue, Mar 12, 2019 at 11:18 PM bif via dev-security-policy <
> [email protected]> wrote:
>
>> FWIW, the easiest would've been to remove "positive" aspect of serials.
>> Who really cares? A random number is a random number.
>
> RFC 5280 cares, as it's been a long-standing source of compat issues,
> which is why RFC 5280 itself made the 'positive' requirement.
>
> https://tools.ietf.org/html/rfc5280#section-4.1.2.2

Oh, I know RFC is the source of this requirement (and even in that, it says
"should handle"). All I was saying, a number is a number, and making this
exception only solidified wrong implementations (said compat issues), instead
of healing the ecosystem (forcing wrong implementations to be fixed).

But I understand that's not the battle to be won or even fought here. :)

_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy

