[cabfpub] Ballot 164 - Certificate Serial Number Entropy

Moudrick M. Dadashov md at ssc.lt
Fri Jul 8 10:01:56 UTC 2016


SSC votes: "Yes".

Thanks,

M.D.


On 6/24/2016 6:17 PM, Ben Wilson wrote:
>
> *Ballot 164 - Certificate Serial Number Entropy*
>
> This ballot has been proposed by Jacob Hoffman-Andrews of Let's 
> Encrypt and endorsed by Ben Wilson of DigiCert and Tim Hollebeek of 
> Trustwave:
>
> *Statement of intent:*
>
> As demonstrated in 
> https://events.ccc.de/congress/2008/Fahrplan/attachments/1251_md5-collisions-1.0.pdf, 
> hash collisions can allow an attacker to forge a signature on the 
> certificate of their choosing. The birthday paradox means that, in the 
> absence of random bits, the security level of a hash function is half 
> what it should be. Adding random bits to issued certificates mitigates 
> collision attacks and means that an attacker must be capable of a much 
> harder preimage attack. For a long time the Baseline Requirements have 
> encouraged adding random bits to the serial number of a certificate, 
> and it is now common practice. This ballot makes that best practice 
> required, which will make the Web PKI much more robust against all 
> future weaknesses in hash functions. Additionally, it replaces 
> "entropy" with "CSPRNG" to make the requirement clearer and easier to 
> audit, and clarifies that the serial number must be positive.
>
> *-- Motion Begins --*
>
> In Section 1.6.1 of the Baseline Requirements,
>
> ADD
>
> CSPRNG: A random number generator intended for use in cryptographic 
> system.
>
> In Section 7.1 of the Baseline Requirements,
>
> REPLACE
>
> "CAs SHOULD generate non-sequential Certificate serial numbers that 
> exhibit at least 20 bits of entropy."
>
> WITH
>
> "Effective September 30, 2016, CAs SHALL generate Certificate serial 
> numbers greater than zero (0) containing at least 64 bits of output 
> from a CSPRNG."
>
> *-- Motion Ends --*
>
> The review period for this ballot shall commence immediately, and will 
> close at 2200 UTC on 1 July 2016. Unless the motion is withdrawn 
> during the review period, the voting period will start immediately 
> thereafter and will close at 2200 UTC on 8 July 2016. Votes must be 
> cast by posting an on-list reply to this thread.
>
> A vote in favor of the motion must indicate a clear 'yes' in the 
> response. A vote against must indicate a clear 'no' in the response. A 
> vote to abstain must indicate a clear 'abstain' in the response. 
> Unclear responses will not be counted. The latest vote received from 
> any representative of a voting member before the close of the voting 
> period will be counted. Voting members are listed here: 
> https://cabforum.org/members/
>
> In order for the motion to be adopted, two thirds or more of the votes 
> cast by members in the CA category and greater than 50% of the votes 
> cast by members in the browser category must be in favor. Quorum is 
> currently ten (10) members– at least ten members must participate in 
> the ballot, either by voting in favor, voting against, or abstaining.
>
>
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160708/1cf90a0c/attachment-0003.html>


More information about the Public mailing list