On 13/03/2019 22:28, Richard Moore via dev-security-policy wrote:
> On Tuesday, March 12, 2019 at 11:53:25 PM UTC, Kurt Roeckx wrote:
>>
>> The expected distribution when generating a random 64 bit integer
>> and properly encoding that as DER is that:
>> - about 1/2 integers require 9 bytes
>> - about 1/2 integers require 8 bytes
>> - about 1/512 integers require 7 bytes
>> - about 1/131072 integers require 6 bytes
>> - about 1/33554432 integers require 5 bytes
>> - [...]
>>
>> That a serial is smaller than 8 bytes is not an indication that it
>> doesn't contain enough entropy.
>
> This is true, but the situation is surely worse - any CA whose serial numbers
> do not have a significant length variation is almost certainly not providing
> 64 bits of entropy, with the exception of those who add a prefix to ensure
> it is positive, and even those are not providing it unless they have lots of
> serial numbers with a big block of zeros.
>
> If any other CA wants to check theirs before someone else does, then now is
> surely the time to speak up.

Someone else is in the process of checking... ;-)

-- 
Rob Stradling
Senior Research & Development Scientist
Sectigo Limited

_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
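Kurt Roeckx's length distribution and Richard Moore's "no length variation" red flag, worked through in code as an added example (not from the thread or from any CA's tooling): it derives the exact DER content-length probabilities for a uniform 64-bit serial and compares a constructed, seeded sample against them. All function names are this example's own.

```python
from collections import Counter
from fractions import Fraction
import random


def der_integer_content(n: int) -> bytes:
    """Minimal DER content octets for a non-negative INTEGER.

    DER integers are two's complement: if the top bit of the first byte
    would be set, a 0x00 byte is prepended so the value stays positive.
    That extra byte is why half of all random 64-bit serials need 9 bytes.
    """
    if n < 0:
        raise ValueError("only non-negative serials are considered here")
    body = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    return b"\x00" + body if body[0] & 0x80 else body


def expected_length_distribution(bits: int = 64) -> dict:
    """Exact probability that a uniform `bits`-bit integer needs L content bytes.

    A value of bit_length b needs b // 8 + 1 bytes (b == 0 needs 1), so
    length L covers [2^(8(L-1)-1), 2^(8L-1)), clipped to [0, 2^bits).
    """
    total = 2 ** bits
    dist = {}
    for length in range(1, bits // 8 + 2):
        lo = 0 if length == 1 else 2 ** (8 * (length - 1) - 1)
        hi = min(2 ** (8 * length - 1), total)
        dist[length] = Fraction(hi - lo, total)
    return dist


def sample_random_serials(count: int, seed: int = 2019) -> list:
    """Constructed sample: uniform 64-bit serials from a seeded PRNG (a real
    CA must use a CSPRNG; the seed only makes this example reproducible)."""
    rng = random.Random(seed)
    return [rng.getrandbits(64) for _ in range(count)]


def observed_length_distribution(serials) -> dict:
    """Fraction of the given serials that need each DER content length."""
    counts = Counter(len(der_integer_content(s)) for s in serials)
    return {k: Fraction(v, len(serials)) for k, v in sorted(counts.items())}


def constant_length_serials(serials) -> bool:
    """Richard Moore's red flag: no length variation at all across the set."""
    return len({len(der_integer_content(s)) for s in serials}) == 1
```

Feeding a CA's real serials (as integers) into observed_length_distribution and constant_length_serials gives the check the thread describes; the expected 9-byte and 8-byte shares are each close to 1/2, with 7 bytes at just under 1/512.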

