[cabfpub] Random value reuse
Gervase Markham
gerv at mozilla.org
Mon Jul 31 08:01:36 MST 2017
On 28/07/17 14:53, Jeremy Rowley via Public wrote:
> I think the random value should be tied to a single communication
> without reuse. For example, a single email sent to the constructed
> emails, a single API call, a single phone call, etc. The random value
> shouldn’t be tied to a method, but should be tied to a specific
> communication from the CA that is tied to a request. By getting rid of
> the reuse language, we can simplify the process and eliminate the risk
> associated with reuse.
Right. New random values are cheap :-)
Gerv
More information about the Public
mailing list