Then I'll move forward with the ballot if we have two endorsers. -----Original Message----- From: Peter Bowen [mailto:[email protected]] Sent: Monday, April 18, 2016 9:16 PM To: Ben Wilson <[email protected]> Cc: CABFPub <[email protected]> Subject: Re: [cabfpub] Pre-Ballot 164 - Certificate Serial Number Entropy
I looked at certificates across all CT logs that had notBefore dates in March 2016. Only 549 unique certificates had more than 20 bits but less than 61 bits in the serial number. They were spread among many CAs. >From the looks of it, I’m guessing that some CAs using a random number between 0 and N (probably 2^64 or 2^128) and some percentage of the time the value chosen is less than 2^61. I used 2^61 as that is 16 hex digits which is a good approximation of 64-bits. So, I would say that almost everyone is using at least 64-bit serial numbers already. > On Apr 18, 2016, at 3:45 PM, Ben Wilson <[email protected]> wrote: > > On the cablint report for the 20 bits of entropy, https://crt.sh/?cablint=38, > there are 20 certificates that were listed. If this changes to 64 bits, how > many more certificates will be on the list? > > From: [email protected] [mailto:[email protected]] On > Behalf Of Ben Wilson > Sent: Monday, April 18, 2016 10:25 AM > To: CABFPub <[email protected]> > Subject: [cabfpub] FW: Pre-Ballot 164 - Certificate Serial Number Entropy > > Forwarding > > From: Kane York [mailto:[email protected]] > Sent: Monday, April 18, 2016 10:23 AM > To: Ben Wilson <[email protected]>; Erwann Abalea > <[email protected]> > Cc: [email protected] > Subject: Re: [cabfpub] Pre-Ballot 164 - Certificate Serial Number Entropy > > > On Fri, Apr 15, 2016 at 7:52 AM Ben Wilson <[email protected]> wrote: > I didn’t think it was that simple. For instance, see > https://en.wikipedia.org/wiki/Password_strength > > From: Erwann Abalea [mailto:[email protected]] > Sent: Friday, April 15, 2016 8:44 AM > To: Ben Wilson <[email protected]> > Cc: CABFPub <[email protected]> > > Subject: Re: [cabfpub] Pre-Ballot 164 - Certificate Serial Number Entropy > > Bonjour, > > 20 bits of entropy is the same as 20 bits unpredictable bits. > > Whence, 64 bits of entropy is a higher requirement than 20 bits of entropy. > > Cordialement, > Erwann Abalea > > No, it definitely is that simple. > > I think the confusion here is the definition of "hex characters". > > > Our CA issues certificates with 32 hexadecimal characters for the serial > > number. > > This is not possible - you cannot have 32 ASCII characters in the serial > number. > The most likely truth given that explanation is that you have 16 fully random > bytes. Which would be 16 * 8 = 128 random bits, satisfying the entropy > requirements. > > 3 fully random bytes would satisfy the 20-bit requirement. > 6 fully random hexadecimal ASCII characters encoded in the serial number > would satisfy the 20-bit requirement. > > 8 fully random bytes is required to satisfy the 64-bit requirement. > 16 bytes with 4 bits of entropy each, which ASCII-encoded hexadecimal would > be, would satisfy the entropy requirement and leave you 3.875 bytes left over > for other information. > > > Le 15 avr. 2016 à 16:32, Ben Wilson <[email protected]> a écrit : > > Forwarding > > From: Man Ho (Certizen) [mailto:[email protected]] > Sent: Thursday, April 14, 2016 7:51 PM > To: Ben Wilson <[email protected]>; Ryan Sleevi <[email protected]> > Cc: [email protected] > Subject: Re: [cabfpub] Pre-Ballot 164 - Certificate Serial Number Entropy > > Ben, > > We had already changed our system to issue SSL certificates with 20 > hexadecimal characters of at least 20-bit of entropy since 2014. I'm just > wondering why the requirement is changed from "bits of entropy" to > "unpredictable bits", which I don't understand the conversion (like "cm" to > "inch" :). I don't know whether our software vendor understands it. > > Man > > On 4/15/2016 4:24 AM, Ben Wilson wrote: > You’re right, given a randomly generated 20-byte serial number, you have 159 > unpredictable bits. > > From: Ryan Sleevi [mailto:[email protected]] > Sent: Thursday, April 14, 2016 2:03 PM > To: Ben Wilson <[email protected]> > Cc: Man Ho (Certizen) <[email protected]>; [email protected] > Subject: Re: [cabfpub] Pre-Ballot 164 - Certificate Serial Number Entropy > > Ben: > > Are you sure your math is correct? A serial number is 20 bytes, with the high > bit needing to be 1 (for the encoding of positive INTEGERS within DER). This > leaves 159 bits for entropy. So you certainly can't have more unpredictable > bits than that :) > > On Thu, Apr 14, 2016 at 12:59 PM, Ben Wilson <[email protected]> wrote: > Man, > Have you had a chance to do further research on the capabilities of your > system? Our CA issues certificates with 32 hexadecimal characters for the > serial number. There are 4 bits of entropy for each hexadecimal character. > Therefore, our serial numbers have 128 bits of entropy and 16*32= 512 > unpredictable bits. An 8-hexadecimal character serial number would have 32 > bits of entropy and 128 unpredictable bits. A 20-bit entropy would be equal > to 5 hexadecimal characters, or 80 unpredictable bits, so this seems like > this is a downgrade to go to 64 unpredictable bits. Am I right? > Ben > > From: Man Ho (Certizen) [mailto:[email protected]] > Sent: Wednesday, March 23, 2016 12:27 AM > To: Ben Wilson <[email protected]>; [email protected] > Subject: Re: [cabfpub] Pre-Ballot 164 - Certificate Serial Number Entropy > > Hi all, > > Is the meaning of "at least 64 unpredictable bits" setting the same or a > higher requirement than "at least 20 bits of entropy" ? I'm not quite sure > whether our certificate generation software has this setting in itself. > > Cheers > Man > > On 3/1/2016 12:21 AM, Ben Wilson wrote: > REPLACE > "CAs SHOULD generate non-sequential Certificate serial numbers that exhibit > at least 20 bits of entropy" > WITH > "Effective April 1, 2016, CAs SHALL use a Certificate serialNumber greater > than zero (0) that contains at least 64 unpredictable bits." > > > _______________________________________________ > Public mailing list > [email protected] > https://cabforum.org/mailman/listinfo/public > > > > _______________________________________________ > Public mailing list > [email protected] > https://cabforum.org/mailman/listinfo/public > > _______________________________________________ > Public mailing list > [email protected] > https://cabforum.org/mailman/listinfo/public > _______________________________________________ > Public mailing list > [email protected] > https://cabforum.org/mailman/listinfo/public
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
