On Fri, Mar 8, 2019 at 9:27 PM Peter Gutmann
wrote:
> Ryan Sleevi writes:
>
> >I'm not sure this will be a very productive or valuable line of
> discussion.
>
> What I'm pointing out is that beating up CAs over an interpretation of the
> requirements that didn't exist until about a week ago
Ryan Sleevi writes:
>I'm not sure this will be a very productive or valuable line of discussion.
What I'm pointing out is that beating up CAs over an interpretation of the
requirements that didn't exist until about a week ago when it was pointed out
in relation to DarkMatter is unfair on the
I wrote:
>So the immediate application of this observation is to make any 64-bit value
>comply with the ASN.1 encoding rules: If the first bit is 1 (so the sign bit
>is set), swap it with any convenient zero bit elsewhere in the value.
>Similarly, if the first 9 bits are zero, swap one of them
On Fri, Mar 8, 2019 at 8:11 PM Peter Gutmann via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> I didn't post this as part of yesterday's message because I didn't want to
> muddy the waters even further, but let's look at the exact wording of BR
> 7.1:
>
> All fully
I didn't post this as part of yesterday's message because I didn't want to
muddy the waters even further, but let's look at the exact wording of BR 7.1:
CAs SHALL generate non-sequential Certificate serial numbers greater than
zero (0) containing at least 64 bits of output from a CSPRNG
Note
5 matches
Mail list logo