[cabfpub] Pre-Ballot 164 - Certificate Serial Number Entropy

Kurt Roeckx kurt at roeckx.be
Thu Apr 28 22:19:47 UTC 2016


On Fri, Feb 26, 2016 at 09:49:50PM +0000, Ben Wilson wrote:
> For discussion:
> 
> Pre-Ballot 164 - Certificate Serial Number Entropy 
> 
> -- Motion Begins -- 
> 
> In Section 7.1 of the Baseline Requirements, 
> 
> REPLACE 
> 
> "CAs SHOULD generate non-sequential Certificate serial numbers that exhibit
> at least 20 bits of entropy" 
> 
> WITH 
> 
> "Effective April 1, 2016, CAs SHALL use a Certificate serialNumber greater
> than zero (0) that contains at least 64 unpredictable bits." 
> 
> -- Motion Ends -- 

I'm wondering if we should add something that it should be the
output of a CSPRNG?


Kurt
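
An added example, not part of the original message or of any CA's code: one way to take a serialNumber from a CSPRNG so that it is greater than zero and carries at least 64 unpredictable bits. The function names, the 16-byte default and the RFC 5280 20-octet cap are assumptions that do not come from the thread.

```python
import secrets

MIN_UNPREDICTABLE_BITS = 64  # threshold from the proposed Section 7.1 text
MAX_SERIAL_OCTETS = 20       # RFC 5280 cap on serialNumber (assumption: not in the thread)


def unpredictable_bits(random_bytes: int) -> int:
    """Bits left after the sign bit is cleared to keep the INTEGER positive."""
    return random_bytes * 8 - 1


def new_serial(random_bytes: int = 16) -> int:
    """Return a serial > 0 taken from the OS CSPRNG (16-byte default is illustrative)."""
    bits = unpredictable_bits(random_bytes)
    if bits < MIN_UNPREDICTABLE_BITS:
        raise ValueError(f"{bits} unpredictable bits is below {MIN_UNPREDICTABLE_BITS}")
    if random_bytes > MAX_SERIAL_OCTETS:
        raise ValueError("serialNumber would exceed 20 octets")
    while True:
        raw = bytearray(secrets.token_bytes(random_bytes))
        raw[0] &= 0x7F  # clear the top bit so the DER INTEGER is not negative
        serial = int.from_bytes(raw, "big")
        if serial > 0:  # zero is not allowed; retry (probability 2**-127 by default)
            return serial


def der_integer(value: int) -> bytes:
    """Minimal DER encoding of a positive INTEGER, as it appears in the certificate."""
    if value <= 0:
        raise ValueError("serialNumber must be greater than zero")
    body = value.to_bytes(value.bit_length() // 8 + 1, "big")  # room for a 0 sign bit
    if len(body) > MAX_SERIAL_OCTETS:
        raise ValueError("serialNumber would exceed 20 octets")
    return bytes([0x02, len(body)]) + body


if __name__ == "__main__":
    s = new_serial()
    print(hex(s), der_integer(s).hex())
```

Drawing exactly 8 random bytes and clearing the sign bit leaves 63 unpredictable bits, which is why `new_serial(8)` is rejected here.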



