On Tue, Mar 12, 2019 at 2:49 PM Hector Martin 'marcan' via
dev-security-policy wrote:
> What I'm saying is that merely sticking to the most convenient
> interpretation for you and deflecting all responsibility for how we
> ended up here is not productive, and does not scream trustworthiness.
> Th
On 12/03/2019 21.10, Mike Kushner via dev-security-policy wrote:
>>> There are no, and have never been any, 63 bit serial numbers created by
>>> EJBCA.
>>
>> ... lead me to significantly reduce my trust in those making them, and
>> their ability to correctly interpret security-critical standards i
On Tue, Mar 12, 2019 at 12:07 PM Mike Kushner via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> Unless you're going under the presumption that the MSB doesn't count as a
> part of the serial number (and I've never seen an RFC or requirement
> pointing to that being the case
> I think when it comes to specifications with cryptographic relevance (as
> unpredictable serials are), less is more; the more inflexible and
> unambiguous the spec is, the less likely it will be "creatively
> interpreted" in a manner that bypasses the whole point. To someone with
> crypto exp
On 12/03/2019 07:54, Ryan Sleevi via dev-security-policy wrote:
On Mon, Mar 11, 2019 at 5:35 PM Buschart, Rufus via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
Since choice 1 is a logical consequence of "containing 64 bits of random
data", I was always under the impressi
Matthew Hardeman via dev-security-policy
writes:
>But, maybe "non-sequential" doesn't mean that. It's a pity a concept like
>that isn't clearly objective.
I assume what the text was meaning to say was "unpredictable", but it was
unfortunately phrased badly, presumably as a rushed response to "
On Mon, Mar 11, 2019 at 5:35 PM Buschart, Rufus via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> Since choice 1 is a logical consequence of "containing 64 bits of random
> data", I was always under the impression that choice 2 was meant by the
> BRGs. If choice 1 is meant
> From: Ryan Sleevi
> Subject: Re: What's the meaning of "non-sequential"? (AW: EJBCA defaulting to
> 63 bit serial numbers)
>
> On Mon, Mar 11, 2019 at 1:18 PM Buschart, Rufus via dev-security-policy
> <mailto:dev-security-policy@lists.mozilla.org>
On Mon, Mar 11, 2019 at 12:18 PM Buschart, Rufus via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
>
> I really like reading this discussion about 64 vs. 63 bits and how to read
> the BRGs as it shows a lot of passion by all of us in the PKI community.
> Nevertheless, in th
On Mon, Mar 11, 2019 at 1:18 PM Buschart, Rufus via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> Dear mdsp!
>
> I really like reading this discussion about 64 vs. 63 bits and how to read
> the BRGs as it shows a lot of passion by all of us in the PKI community.
> Never the
Dear mdsp!
I really like reading this discussion about 64 vs. 63 bits and how to read the
BRGs as it shows a lot of passion by all of us in the PKI community. Nevertheless,
in the discussion, I miss one interesting aspect. The BRGs not only speak
about 64 bits as output from a CSPRNG but also