Matthew Hardeman via dev-security-policy <dev-security-policy@lists.mozilla.org> writes:
>But, maybe "non-sequential" doesn't mean that. It's a pity a concept like >that isn't clearly objective. I assume what the text was meaning to say was "unpredictable", but it was unfortunately phrased badly, presumably as a rushed response to "MD5 considered harmful today" which took advantage of the fact that RapidSSL used a counter to create its serial numbers. Given that we've now got several more interpretations of what 7.1 is requiring, and it's only Monday (at least for you lot), I think this really, really needs an update to clarify what's actually required. The 7.1 text is clearly inadequate to convey precisely what should be going into the serial number field, given the number of interpretations and the amount of debate about what is and isn't allowed. The "modest proposal" sounds like a good fit for the updated text. Peter. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy