[cabfpub] Pre-Ballot 164 - Certificate Serial Number Entropy

Ryan Sleevi sleevi at google.com
Thu Apr 21 01:54:01 MST 2016


On Wed, Apr 20, 2016 at 6:07 PM, Jacob Hoffman-Andrews <jsha at letsencrypt.org
> wrote:

> I think the question of how to define entropy or CSPRNGs is a really good
> one, but I think the core of this ballot, changing a SHOULD to a SHALL, is
> too important to hold up on that complex question. How about a version
> which is strictly no more ambiguous that the current  version:
>
> "Effective April 1, 2016, CAs SHALL use a Certificate serialNumber greater
> than zero (0) that exhibits at least 64 bits of entropy."
>
> Let's Encrypt would be happy to endorse such a ballot.
>
As would Google
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20160421/0ca8c71e/attachment.html 


More information about the Public mailing list