On Tuesday, March 12, 2019 at 11:53:25 PM UTC, Kurt Roeckx wrote:
> 
> The expected distribution when generating a random 64 bit integer
> and properly encoding that as DER is that:
> - about 1/2 integers require 9 bytes
> - about 1/2 integers require 8 bytes
> - about 1/512 integers require 7 bytes
> - about 1/131072 integers require 6 bytes
> - about 1/33554432 integers require 5 bytes
> - [...]
> 
> That a serial is smaller than 8 bytes is not an indication that it
> doesn't contain enough entropy.

This is true, but the situation is surely worse - any CA whose serial numbers 
do not have a significant length variation is almost certainly not providing 64 
bits of entropy, with the exception of those who add a prefix to ensure it 
is positive, and even those are not providing it unless they have lots of 
serial numbers with a big block of zeros.

If any other CA wants to check theirs before someone else does, then now is 
surely the time to speak up.

Kind Regards

Rich
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
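
A worked check of the distribution described in the quoted message, added here as an example and not code from either poster: it computes the DER INTEGER content length of a serial, the exact expected length distribution for a uniformly random 64-bit value, and a rough length-variation check run over constructed sample serials (the 25% threshold and the seeded sample generation are assumptions, not anything the thread specifies).

```python
import random
from collections import Counter
from fractions import Fraction

def der_int_len(v: int) -> int:
    """Content-octet length of a non-negative INTEGER in DER.
    DER uses minimal two's complement, so a value whose top bit is set
    needs an extra leading 0x00 byte (hence 9 bytes for half of all 64-bit values)."""
    if v < 0:
        raise ValueError("only non-negative serial numbers are considered")
    if v == 0:
        return 1
    return v.bit_length() // 8 + 1   # the +1 is the sign/pad byte when needed

def expected_lengths(bits: int = 64) -> dict:
    """Exact probability of each DER length for a uniform random `bits`-bit value.
    Values with bit_length b are 2**(b-1) in number (one value, zero, has b == 0)."""
    total = 1 << bits
    dist = {}
    for b in range(bits + 1):
        count = 1 if b == 0 else 1 << (b - 1)
        k = b // 8 + 1                       # DER length for this bit_length
        dist[k] = dist.get(k, Fraction(0)) + Fraction(count, total)
    return dist

def observed_lengths(serials) -> dict:
    """Fraction of the given serials needing each DER length."""
    counts = Counter(der_int_len(s) for s in serials)
    return {k: c / len(serials) for k, c in sorted(counts.items())}

def has_length_variation(serials, min_fraction: float = 0.25) -> bool:
    """Sanity check in the spirit of the thread: with 64 random bits, roughly half
    of the serials need 9 bytes and half need 8. The 25% floor is an assumed
    tolerance, not a value from the thread."""
    obs = observed_lengths(serials)
    return obs.get(9, 0) >= min_fraction and obs.get(8, 0) >= min_fraction

# Constructed sample data (seeded PRNG), not real CA serial numbers.
rng = random.Random(2019)
GOOD = [rng.getrandbits(64) for _ in range(10000)]     # full 64 random bits
CLIPPED = [rng.getrandbits(63) for _ in range(10000)]  # top bit always clear

if __name__ == "__main__":
    print({k: float(p) for k, p in expected_lengths(64).items()})
    print("64-bit sample:", observed_lengths(GOOD), has_length_variation(GOOD))
    print("63-bit sample:", observed_lengths(CLIPPED), has_length_variation(CLIPPED))
```

The 63-bit sample never needs a ninth byte, which is exactly the missing length variation the reply points at.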