Hodie pr. Id. Ian. MMXI, Mark H. Wood scripsit: > On Tue, Jan 11, 2011 at 07:23:54PM +0100, Erwann ABALEA wrote: > > In order to be referenced by browser vendors (Opera comes to mind, and > > I think Mozilla will require this), the serial number MUST be random > > (or at least *appear* random from the outside). > > Oh, now I'm curious. How do they test the randomness of a single > sample? "1" is every bit as random (or nonrandom) as > "0xdcb4a459f014617692d112f0942c89cb".
That's not how it's done. When you apply for your Root CA to be referenced in a product, you supply your CP and CPS, and audit results. That's the auditor's job to ask how the serial is generated, in order to check that you really do what you say you do. Lying during the audit is of course technically possible, but it will surely be discovered one day, and you'll lose your business. -- Erwann ABALEA <erwann.aba...@keynectis.com> ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
