> On 29.04.2014 20:15, Jakob Bohm wrote:
>> I seem to (vaguely) recall that there was once an option or standard for
>> using a certificate-contents-related hash as the serial number, but I
>> can't seem to find it right now.
> Hi,
> could you please try to find this; I would be interested in such - a way
> of serial number that doesn't make
> back reference in the number of certificates the CA has signed ...
> Thanks,
> Walter
>
This all seems unnecessarily complex. Make the serial number a 256-bit or greater true random number. There will be no collisions. Making the serial number a function of the cert contents seems like a really bad idea with potential consequences down the road.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org