Entropy should be in serial because it is encoded very early in the ASN.1 
structure, and therefore provides greater resistance to a chosen prefix 
collision attack like what broke MD5.

Ryanne

From: <[email protected]> on behalf of "Brown, Wendy (10421)" <[email protected]>
Date: Friday, February 26, 2016 at 6:43 PM
To: Richard Barnes <[email protected]>, Ryan Sleevi <[email protected]>
Cc: CABFPub <[email protected]>
Subject: Re: [cabfpub] Pre-Ballot 164 - Certificate Serial Number Entropy

Why does the entropy have to be in the serial number vs a combination of serial 
number and date/time bits?

From: [email protected] On Behalf Of Richard Barnes
Sent: Friday, February 26, 2016 6:26 PM
To: Ryan Sleevi <[email protected]>
Cc: CABFPub <[email protected]>
Subject: Re: [cabfpub] Pre-Ballot 164 - Certificate Serial Number Entropy



On Fri, Feb 26, 2016 at 6:03 PM, Ryan Sleevi <[email protected]> wrote:
Is there a reason for the change from "entropy" to "unpredictable bits"?

Would you be opposed to "64 bits of random data from a cryptographically strong 
random number generator"?

The concern I have with the language change is that while "entropy" is arguably 
less ambiguous, I fear "unpredictable bits" will create a situation where a CA 
says "No one knows our [deterministic] algorithm, therefore it's unpredictable"

I admit, I'm not terribly thrilled with my rewrite either, because I don't 
think it should be required to use an RNG on an HSM, for example (that's 
arguably overkill), but I do want to make sure that the source of entropy is 
cryptographically strong (thus ruling out Microsoft's GUIDs, crappy RNGs, etc)

I would prefer this proposal.  It provides a specific thing that can be 
verified (whereas "entropy" and "unpredictable" are vague statistical 
properties).

--Richard


On Fri, Feb 26, 2016 at 1:49 PM, Ben Wilson <[email protected]> wrote:

For discussion:

Pre-Ballot 164 - Certificate Serial Number Entropy

-- Motion Begins --

In Section 7.1 of the Baseline Requirements,

REPLACE

"CAs SHOULD generate non-sequential Certificate serial numbers that exhibit at 
least 20 bits of entropy"

WITH

"Effective April 1, 2016, CAs SHALL use a Certificate serialNumber greater than 
zero (0) that contains at least 64 unpredictable bits."

-- Motion Ends --


_______________________________________________
Public mailing list
[email protected]
https://cabforum.org/mailman/listinfo/public
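An added illustration, not part of the original thread and not any CA's code: one way to produce a serialNumber greater than zero that carries 64 bits from a cryptographically strong RNG, with a view of where those bits land in a v3 TBSCertificate. The fixed 0x01 lead octet, the function names and the 900-byte size of the remaining fields are assumptions made for the example.

```python
import secrets

MAX_SERIAL_OCTETS = 20  # RFC 5280 limit on the encoded serialNumber


def new_serial() -> int:
    """Positive serial with 64 bits drawn from the OS CSPRNG."""
    # Assumed layout: a fixed 0x01 lead octet keeps the value > 0 and the
    # sign bit clear without discarding any of the 64 random bits.
    return int.from_bytes(b"\x01" + secrets.token_bytes(8), "big")


def der_integer(value: int) -> bytes:
    """Minimal DER INTEGER for a positive value (short-form length)."""
    if value <= 0:
        raise ValueError("serialNumber must be greater than zero")
    # bit_length // 8 + 1 adds the 0x00 pad when the top bit would be set.
    body = value.to_bytes(value.bit_length() // 8 + 1, "big")
    if len(body) > MAX_SERIAL_OCTETS:
        raise ValueError("serialNumber longer than 20 octets")
    return bytes([0x02, len(body)]) + body


def der_len(n: int) -> bytes:
    """DER length octets, short or long form."""
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw


def tbs_prefix(serial: int, rest_len: int) -> tuple[bytes, int]:
    """Leading bytes of a v3 TBSCertificate and the 0-based offset of the
    serial's content octets. rest_len is the assumed size of the fields
    that follow the serial (signature algorithm, issuer, validity, ...)."""
    version = bytes.fromhex("a003020102")  # [0] EXPLICIT INTEGER 2 (v3)
    sn = der_integer(serial)
    header = b"\x30" + der_len(len(version) + len(sn) + rest_len)
    return header + version + sn, len(header) + len(version) + 2


if __name__ == "__main__":
    s = new_serial()
    prefix, off = tbs_prefix(s, rest_len=900)  # 900 is a constructed size
    print(f"serial = {s:x}")
    print(f"prefix = {prefix.hex()}")
    print(f"random octets at offsets {off + 1}..{off + 8} of the signed data")
```

Whether the 64 bits really come from a strong RNG is a property of the issuance process; the serial's value alone does not show it.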

