On Fri, Mar 8, 2019 at 3:10 AM Matt Palmer via dev-security-policy < [email protected]> wrote:
> Having sequential serial numbers is not problematic. Having *predictable*
> serial numbers is problematic.

My problem with this is that, if we parse the English language constructs of the rule as stated in the BRs, the first requirement of a certificate serial number is literally "non-sequential Certificate serial numbers", and then furthermore that these must consist of at least 64 bits of output from a CSPRNG.

Both your and Ryan Sleevi's comments seem to suggest that the non-sequential part doesn't really matter when it arises incidentally as long as they're randomly generated and that two certificates with certificate serial numbers off-by-one from each other would not be a problem.

I am well aware of the reason for the entropy in the certificate serial number. What I'm having trouble with is that there can be no dispute that two certificates with serial numbers off by one from each other, no matter how you wind up getting there, are in fact sequential serial numbers and that this would appear to be forbidden explicitly.

It seems that in reality your perspective calls upon the CA to act according to the underlying risk that the rule attempts to mitigate rather than abide the literal text. That seems a really odd way to construe a rule.

