[cabfpub] Pre-Ballot 164 - Certificate Serial Number Entropy

Dimitris Zacharopoulos jimmy at it.auth.gr
Fri Apr 22 08:22:51 UTC 2016


On 21/4/2016 4:07 AM, Jacob Hoffman-Andrews wrote:
> I think the question of how to define entropy or CSPRNGs is a really
> good one, but I think the core of this ballot, changing a SHOULD to a
> SHALL, is too important to hold up on that complex question. How about
> a version which is strictly no more ambiguous than the current version:
>
> "Effective April 1, 2016, CAs SHALL use a Certificate serialNumber
> greater than zero (0) that exhibits at least 64 bits of entropy."
>
> Let's Encrypt would be happy to endorse such a ballot.

In order to make this rule a little clearer, we suggest changing it to:

"Effective XXXX, 2016, CAs SHALL use a Certificate serialNumber greater
than zero (0) that exhibits at least 64 bits of entropy for all issued
certificates, including CA certificates".

Since this discussion began in February, I suppose the effective date
will be adjusted accordingly to a date after the ballot and not "April
1, 2016".


Dimitris.
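
Added example, not part of the original message or of any CA's code: one way to generate a serialNumber that is greater than zero and keeps all 64 bits of CSPRNG output, plus a structural audit over issued serials. The fixed 0x01 prefix byte, the function names and the sample values in the test are assumptions of this example.

```python
import secrets

RANDOM_BYTES = 8  # 64 bits of CSPRNG output, the minimum in the proposed wording

def new_serial() -> int:
    """Return a positive serial that keeps all 64 random bits."""
    # Assumed scheme: a fixed 0x01 prefix byte, so the value is never zero and
    # the DER INTEGER is never negative. Clearing the top bit of an 8-byte
    # value instead would leave only 63 random bits.
    return int.from_bytes(b"\x01" + secrets.token_bytes(RANDOM_BYTES), "big")

def der_integer(value: int) -> bytes:
    """DER-encode a positive INTEGER (short-form length)."""
    if value <= 0:
        raise ValueError("serialNumber must be greater than zero")
    # bit_length // 8 + 1 octets adds a leading 0x00 when the top bit is set.
    body = value.to_bytes(value.bit_length() // 8 + 1, "big")
    if len(body) > 20:  # RFC 5280 limit on serialNumber length
        raise ValueError("serialNumber longer than 20 octets")
    return bytes([0x02, len(body)]) + body

def audit(serials: list[bytes]) -> list[str]:
    """Structural checks over issued serials (DER INTEGERs).

    Entropy is a property of the generator, so this can only flag values
    that cannot have come from a compliant one; it cannot prove compliance.
    """
    findings, seen = [], set()
    for der in serials:
        if (len(der) < 3 or der[0] != 0x02
                or der[1] != len(der) - 2 or der[1] > 20):
            findings.append(f"{der.hex()}: not a DER INTEGER of 1-20 octets")
            continue
        value = int.from_bytes(der[2:], "big", signed=True)
        if value <= 0:
            findings.append(f"{der.hex()}: not greater than zero")
        if value in seen:
            findings.append(f"{der.hex()}: duplicate serial")
        seen.add(value)
    # Heuristic, meaningful only over a sample of many serials.
    if seen and max(v.bit_length() for v in seen) < 8 * RANDOM_BYTES:
        findings.append("no serial reaches 64 bits: generator output is too short")
    return findings
```

The same generator and checks apply to CA certificates as to end-entity certificates, which is the scope the suggested wording makes explicit.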