On Wed, Mar 13, 2019 at 06:53:43PM -0700, William Ahern wrote:
<snip>
> The real issue here is that the EJBCA specification wasn't just a failure in
> language precision, but was and remains entirely ill considered on this
> score. If ASN.1 INTEGERs must now be 65 bits, it's a good bet that most if
> not all software that expected to be able to convert a serial to a Java long
> is broken. They haven't thought this through very well.

Correction: the latest EJBCA software defaults to 20 octets:

http://blog.ejbca.org/2019/03/

And it looks like Apple, GoDaddy, and Google are now generating 16-octet or larger serials. Not sure where I got 65 bits from....
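
The serial sizes discussed in this message, as an added example that is not part of the original thread or of EJBCA's code: a small DER INTEGER check that reports a serial's octet count and whether it still fits a signed 64-bit Java `long`. The function names and all serial values are constructed for illustration.

```python
# Added example; every serial below is constructed, not from a real certificate.
JAVA_LONG_MIN, JAVA_LONG_MAX = -(2**63), 2**63 - 1

def parse_der_integer(der: bytes) -> int:
    """Decode one DER INTEGER (tag 0x02, short-form length) to an int."""
    if len(der) < 3 or der[0] != 0x02:
        raise ValueError("not a DER INTEGER")
    length = der[1]
    if length & 0x80:
        raise ValueError("long-form length is not expected for a serial")
    content = der[2:]
    if len(content) != length:
        raise ValueError("length octet does not match content")
    # DER requires the minimal two's-complement form: no redundant
    # leading 0x00 (positive) or 0xFF (negative) octet.
    if length > 1 and ((content[0] == 0x00 and content[1] < 0x80) or
                       (content[0] == 0xFF and content[1] >= 0x80)):
        raise ValueError("non-minimal INTEGER encoding")
    return int.from_bytes(content, "big", signed=True)

def encode_serial(value: int) -> bytes:
    """DER-encode a non-negative serial, adding a 0x00 octet when the
    top bit of the magnitude is set so the INTEGER stays positive."""
    if value < 0:
        raise ValueError("serial must be non-negative")
    n = value.bit_length() // 8 + 1
    return bytes([0x02, n]) + value.to_bytes(n, "big")

def describe_serial(der: bytes) -> dict:
    """Report content octets and whether the value fits a Java long."""
    value = parse_der_integer(der)
    return {
        "octets": der[1],
        "fits_java_long": JAVA_LONG_MIN <= value <= JAVA_LONG_MAX,
    }

# Constructed samples: the largest value a Java long holds, a 64-bit
# value with its top bit set, and 16- and 20-octet serials.
SAMPLES = {
    "max long": encode_serial(2**63 - 1),
    "64-bit, top bit set": encode_serial(2**63),
    "16 octets": encode_serial(int.from_bytes(bytes(range(1, 17)), "big")),
    "20 octets": encode_serial(int.from_bytes(bytes(range(1, 21)), "big")),
}

if __name__ == "__main__":
    for name, der in SAMPLES.items():
        print(name, describe_serial(der))
```

A 64-bit value with its top bit set already takes nine content octets as a positive INTEGER, so it overflows a `long` just as the 16- and 20-octet serials do.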