Davide Brini wrote:
> the serial number is just an (almost) arbitrarily large number. Why
> would a CA choose such a serial number?

In order to avoid a chosen-prefix collision that works among other
things by predicting the serial number of certificates generated by
the CA.

http://www.win.tue.nl/hashclash/rogue-ca/
https://documents.epfl.ch/users/l/le/lenstra/public/papers/lat.pdf


//Peter
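
The countermeasure named in this reply, as an added sketch that is not part of the original message: serials drawn from a CSPRNG, plus a check that flags counter-like serials in a CA's issuance history. Function names and sample serials are hypothetical; the 64-bit minimum follows the CA/Browser Forum Baseline Requirements and the 20-octet limit follows RFC 5280.

```python
import secrets

MAX_DER_OCTETS = 20    # RFC 5280, 4.1.2.2: serialNumber is at most 20 octets
MIN_RANDOM_BITS = 64   # CA/Browser Forum Baseline Requirements minimum

def der_octets(serial: int) -> int:
    """Content octets of a positive DER INTEGER (one bit is kept for the sign)."""
    return serial.bit_length() // 8 + 1

def new_serial(random_bits: int = MIN_RANDOM_BITS) -> int:
    """Positive serial carrying random_bits of CSPRNG output."""
    if random_bits < MIN_RANDOM_BITS:
        raise ValueError("too little entropy for an unpredictable serial")
    # A fixed top bit keeps the value non-zero and of constant length.
    serial = (1 << random_bits) | secrets.randbits(random_bits)
    if der_octets(serial) > MAX_DER_OCTETS:
        raise ValueError("serial would exceed 20 DER octets")
    return serial

def small_step_share(serials, max_step=1000):
    """Share of consecutive issuances whose serial rose by at most max_step."""
    pairs = list(zip(serials, serials[1:]))
    if not pairs:
        return 0.0
    return sum(1 for a, b in pairs if 0 < b - a <= max_step) / len(pairs)

def looks_predictable(serials, threshold=0.5):
    """True when most serials follow a counter-like pattern."""
    return small_step_share(serials) >= threshold

# Constructed samples in issuance order (not taken from any real CA).
COUNTER_CA = [0x2A41, 0x2A42, 0x2A43, 0x2A47, 0x2A48, 0x2A4B]
RANDOM_CA = [new_serial() for _ in range(6)]

if __name__ == "__main__":
    for name, issued in (("counter", COUNTER_CA), ("random", RANDOM_CA)):
        print(name, f"{small_step_share(issued):.2f}", looks_predictable(issued))
```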
