Re: [FORGED] Re: What's the meaning of "non-sequential"? (AW: EJBCA defaulting to 63 bit serial numbers)

2019-03-11 Thread Peter Gutmann via dev-security-policy
Matthew Hardeman via dev-security-policy writes: >But, maybe "non-sequential" doesn't mean that. It's a pity a concept like >that isn't clearly objective. I assume what the text was meaning to say was "unpredictable", but it was unfortunately phrased badly, presumably as a rushed response to

Re: What's the meaning of "non-sequential"? (AW: EJBCA defaulting to 63 bit serial numbers)

2019-03-11 Thread Ryan Sleevi via dev-security-policy
On Mon, Mar 11, 2019 at 5:35 PM Buschart, Rufus via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote: > Since choice 1 is a logical consequence of "containing 64 bits of random > data", I was always under the impression, that choice 2 was meant by the > BRGs. If choice 1 is

AW: What's the meaning of "non-sequential"? (AW: EJBCA defaulting to 63 bit serial numbers)

2019-03-11 Thread Buschart, Rufus via dev-security-policy
> Von: Ryan Sleevi > Betreff: Re: What's the meaning of "non-sequential"? (AW: EJBCA defaulting to > 63 bit serial numbers) > > On Mon, Mar 11, 2019 at 1:18 PM Buschart, Rufus via dev-security-policy > > wrote: > > > [...] nowhere the BRGs

Re: EJBCA defaulting to 63 bit serial numbers

2019-03-11 Thread Peter Bowen via dev-security-policy
On Mon, Mar 11, 2019 at 10:00 AM Daymion Reynolds via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote: > Glad you agree 64bit serial numbers can have no fixed bits, as a fixed bit > in a 64 bit serial number would result in less than 64 bits of entropy. If > you are going to

Re: What's the meaning of "non-sequential"? (AW: EJBCA defaulting to 63 bit serial numbers)

2019-03-11 Thread Matthew Hardeman via dev-security-policy
On Mon, Mar 11, 2019 at 12:18 PM Buschart, Rufus via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote: > > I really like reading this discussion about 64 vs. 63 bits and how to read > the BRGs as it shows a lot of passion by all of us in the PKI community. > Nevertheless, in

Re: Google Trust Services and EJBCA serial number behavior

2019-03-11 Thread Ryan Hurst via dev-security-policy
Dear m.d.s.p, We wanted to follow-up to this thread and give a brief update. We have revoked all but 26 of the affected certificates and are working with the associated subscribers to enable a smooth transition prior to revocation which will occur as each certificate is replaced or by

Re: What's the meaning of "non-sequential"? (AW: EJBCA defaulting to 63 bit serial numbers)

2019-03-11 Thread Ryan Sleevi via dev-security-policy
On Mon, Mar 11, 2019 at 1:18 PM Buschart, Rufus via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote: > Dear mdsp! > > I really like reading this discussion about 64 vs. 63 bits and how to read > the BRGs as it shows a lot of passion by all of us in the PKI community. > Nevertheless

What's the meaning of "non-sequential"? (AW: EJBCA defaulting to 63 bit serial numbers)

2019-03-11 Thread Buschart, Rufus via dev-security-policy
Dear mdsp! I really like reading this discussion about 64 vs. 63 bits and how to read the BRGs as it shows a lot of passion by all of us in the PKI community. Nevertheless, in the discussion, I miss one interesting aspect. The BRGs not only speak about 64 bits as output from a CSPRNG but

Re: EJBCA defaulting to 63 bit serial numbers

2019-03-11 Thread Daymion Reynolds via dev-security-policy
On Monday, March 11, 2019 at 8:57:27 AM UTC-7, Ryan Sleevi wrote: > I don’t think there’s anything inherently wrong with an approach that uses > a fixed prefix, whether of one bit or more, provided that there is at least > 64 bits of entropy included in the serial prior to encoding to DER. > >

Re: EJBCA defaulting to 63 bit serial numbers

2019-03-11 Thread Ryan Sleevi via dev-security-policy
I don’t think there’s anything inherently wrong with an approach that uses a fixed prefix, whether of one bit or more, provided that there is at least 64 bits of entropy included in the serial prior to encoding to DER. This means a scheme which guarantees a positive INTEGER will generate *encoded*

Re: EJBCA defaulting to 63 bit serial numbers

2019-03-11 Thread Daymion Reynolds via dev-security-policy
On Saturday, March 9, 2019 at 5:15:50 PM UTC-7, Wayne Thayer wrote: > On Sat, Mar 9, 2019 at 12:49 PM Dimitris Zacharopoulos via > dev-security-policy wrote: > > > > > The question I'm having trouble answering, and I would appreciate if > > this was answered by the Mozilla CA Certificate Policy