> So you can argue that it's not possible to comply with the BRs by > just generating a 64 bit random number, you would need to generate > at least 65.
Yes, that's right, because the 64 bit entropy won't be left intact after any filtering, even the very basic zero value removal. > But I would argue that such an implementation that > only generates 64 bits and does the checks is in the spirit of what > was intended. I'm not sure if that could be the intent because it would allow the following to happen: Let's say that the biggest CA in the universe (serving other planets too) has issued the following number of certificates to the time, 18446744073709551614 (2^64 - 2), and now they need to generate a new certificate and there is only one possible serial number to choose from (the other value is the forbidden zero) and the purpose of ballot 164 (i.e. protect against https://fahrplan.events.ccc.de/congress/2008/Fahrplan/attachments/1251_md5-collisions-1.0.pdf) is defeated. Anyway, the previous is a non-realistic example and I'm well aware that the mass violation under discussion won't affect security in the real world now, but given that in this very moment this is the formally implemented requirement, all violations should be treated according to the regular procedure, unless... The Mozilla Root Store Policy gets updated with an exceptions handling procedure which could "forgive" retroactively (possible?) this massive violation, e.g. allowing a minimum entropy of 62 bits (or less) for certificates issued until a given date (in the near future) with the purpose to accomodate to the 62 bits [1] of entropy being guaranteed by a default EJBCA <7.0.1 or to the entropy provided by any other known PKI implementation. So I would like to ask again if there is any possibility to implement some type of exceptions handling as asked in [2]. [1] log2(0x7FFFFFFFFFFFFFFF - 0x80000000000000 + 1) = 62.99435343685886 (or less if certificates has been previously generated) [2] https://groups.google.com/forum/#!msg/mozilla.dev.security.policy/7WuWS_20758/erK0-f0GCwAJ _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
