Confirmed users, Administrators
5,526
edits
m (entropy) |
|||
Line 84: | Line 84: | ||
** Change [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/maintenance/ Maintenance Policy] section 9 from: "all new end-entity certificates must contain at least 20 bits of unpredictable random data (preferably in the serial number)." | ** Change [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/maintenance/ Maintenance Policy] section 9 from: "all new end-entity certificates must contain at least 20 bits of unpredictable random data (preferably in the serial number)." | ||
** to "all new end-entity certificates must contain at least 20 bits of unpredictable random data in the serial number." | ** to "all new end-entity certificates must contain at least 20 bits of unpredictable random data in the serial number." | ||
** Discussion in [https://groups.google.com/d/msg/mozilla.dev.security.policy/3avqmSF4MVU/ZPFE0rIuAQAJ mozilla.dev.security.policy] sparked discussion in the CAB Forum regarding if the entropy requirements apply to root and intermediate certs. Need to check the result of this. | |||
* Remove duplication with the BRs. | * Remove duplication with the BRs. | ||
** [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/inclusion/ Inclusion Policy] Duplication with the BRs: | ** [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/inclusion/ Inclusion Policy] Duplication with the BRs: |
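Review bot: The added bullet after the section 9 wording change ends with "Need to check the result of this." and links only the mozilla.dev.security.policy thread. That leaves the open question, whether the entropy requirement applies to root and intermediate certs, without a pointer to the CAB Forum discussion or a recorded outcome. Suggest linking the CAB Forum thread and, once checked, stating the result in this bullet, because the proposed text above it still reads "all new end-entity certificates" and that scope is exactly what the question is about. Minor wording: "regarding if" reads better as "regarding whether", and "Discussion in ... sparked discussion" repeats itself.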