Is there a reason for the change from "entropy" to "unpredictable bits"?
Would you be opposed to "64 bits of random data from a cryptographically strong random number generator"?

The concern I have with the language change is that while "entropy" is arguably less ambiguous, I fear "unpredictable bits" will create a situation where a CA says "No one knows our [deterministic] algorithm, therefore it's unpredictable".

I admit, I'm not terribly thrilled with my rewrite either, because I don't think it should be required to use an RNG on an HSM, for example (that's arguably overkill), but I do want to make sure that the source of entropy is cryptographically strong (thus ruling out Microsoft's GUIDs, crappy RNGs, etc.).

On Fri, Feb 26, 2016 at 1:49 PM, Ben Wilson <[email protected]> wrote:

> *For discussion:*
>
> *Pre-Ballot 164 - Certificate Serial Number Entropy*
>
> -- Motion Begins --
>
> In Section 7.1 of the Baseline Requirements,
>
> REPLACE
>
> "CAs SHOULD generate non-sequential Certificate serial numbers that exhibit at least 20 bits of entropy"
>
> WITH
>
> "Effective April 1, 2016, CAs SHALL use a Certificate serialNumber greater than zero (0) that contains at least 64 unpredictable bits."
>
> -- Motion Ends --
>
> _______________________________________________
> Public mailing list
> [email protected]
> https://cabforum.org/mailman/listinfo/public
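An added example (not part of the original message, and not any CA's code) of the construction this thread is debating: 64 bits drawn from the operating system's CSPRNG, a serialNumber greater than zero, DER-encoded as an INTEGER. The function names, the fixed marker bit above the random field, and the 20-octet cap taken from RFC 5280 are assumptions of this sketch.

```python
import secrets

RANDOM_BITS = 64        # figure from the proposed ballot text
MAX_SERIAL_OCTETS = 20  # RFC 5280 limit on serialNumber length (assumed cap)


def new_serial(random_bits: int = RANDOM_BITS) -> int:
    """Return a positive serial carrying `random_bits` bits of CSPRNG output."""
    if random_bits < RANDOM_BITS:
        raise ValueError("fewer than 64 CSPRNG bits requested")
    rnd = secrets.randbits(random_bits)  # OS CSPRNG, not a seeded/deterministic PRNG
    # One fixed bit is set *above* the random field, so the value can never be
    # zero and all 64 random bits survive. Clearing the top bit of a 64-bit
    # draw to force a positive value would leave only 63 random bits.
    return (1 << random_bits) | rnd


def der_integer(value: int) -> bytes:
    """DER-encode a positive INTEGER (short-form length only)."""
    if value <= 0:
        raise ValueError("serialNumber must be greater than zero")
    # bit_length() // 8 + 1 octets always leaves the sign bit clear (positive)
    # and is the minimal encoding DER requires.
    body = value.to_bytes(value.bit_length() // 8 + 1, "big")
    if len(body) > MAX_SERIAL_OCTETS:
        raise ValueError("serialNumber longer than 20 octets")
    return bytes([0x02, len(body)]) + body


if __name__ == "__main__":
    serial = new_serial()
    print(hex(serial), der_integer(serial).hex())
```
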
