[cabfpub] Pre-Ballot 164 - Certificate Serial Number Entropy
Kurt Roeckx
kurt at roeckx.be
Thu Apr 28 22:19:47 UTC 2016
On Fri, Feb 26, 2016 at 09:49:50PM +0000, Ben Wilson wrote:
> For discussion:
>
> Pre-Ballot 164 - Certificate Serial Number Entropy
>
> -- Motion Begins --
>
> In Section 7.1 of the Baseline Requirements,
>
> REPLACE
>
> "CAs SHOULD generate non-sequential Certificate serial numbers that exhibit
> at least 20 bits of entropy"
>
> WITH
>
> "Effective April 1, 2016, CAs SHALL use a Certificate serialNumber greater
> than zero (0) that contains at least 64 unpredictable bits."
>
> -- Motion Ends --
I'm wondering if we should add something that it should be the
output of a CSPRNG?
Kurt
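
One way to satisfy the proposed wording together with the CSPRNG suggestion, as an added example that is not part of the original thread. The function names are hypothetical, and the 20-octet ceiling is the RFC 5280 limit on serialNumber rather than something stated in the ballot; the first function shows the sign-bit pitfall that leaves only 63 unpredictable bits.

```python
import secrets

MAX_SERIAL_OCTETS = 20   # RFC 5280 upper bound for the serialNumber value
MIN_RANDOM_BITS = 64     # figure taken from the motion text


def sign_clamped_serial() -> int:
    """Pitfall: 8 CSPRNG bytes with the top bit cleared to stay positive.

    The cleared bit is fixed, so only 63 bits are unpredictable, and the
    result can still be zero.
    """
    raw = bytearray(secrets.token_bytes(8))
    raw[0] &= 0x7F
    return int.from_bytes(raw, "big")


def new_serial(random_bits: int = 128) -> int:
    """Positive, non-zero serial carrying `random_bits` bits of CSPRNG output."""
    if random_bits < MIN_RANDOM_BITS:
        raise ValueError("fewer than 64 random bits requested")
    if random_bits > MAX_SERIAL_OCTETS * 8 - 2:
        raise ValueError("serial would not fit in 20 octets")
    # A fixed 1 bit above the random field keeps the value non-zero and means
    # no random bit is spent on the sign.
    return (1 << random_bits) | secrets.randbits(random_bits)


def der_integer(value: int) -> bytes:
    """DER-encode a positive INTEGER (tag 0x02, short-form length)."""
    if value <= 0:
        raise ValueError("serialNumber must be greater than zero")
    # A positive value needs one spare leading bit so it is not read as negative.
    content = value.to_bytes(value.bit_length() // 8 + 1, "big")
    if len(content) > MAX_SERIAL_OCTETS:
        raise ValueError("serialNumber longer than 20 octets")
    return bytes([0x02, len(content)]) + content


if __name__ == "__main__":
    serial = new_serial()
    print(hex(serial), der_integer(serial).hex())
```

A single serial cannot be tested for unpredictability after the fact, so the guarantee has to come from how the value is generated.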