Re: [Openvpn-devel] [PATCH] revocation

2010-04-23 Thread Davide Brini
On Friday 23 Apr 2010 00:34:38 Peter Stuge wrote:
> Davide Brini wrote:
> > the serial number is just an (almost) arbitrarily large number. Why
> > would a CA choose such a serial number?
>
> In order to avoid a chosen-prefix collision that works among other
> things by predicting the serial numb

Re: [Openvpn-devel] [PATCH] revocation

2010-04-22 Thread Peter Stuge
Davide Brini wrote:
> the serial number is just an (almost) arbitrarily large number. Why
> would a CA choose such a serial number?

In order to avoid a chosen-prefix collision that works among other things by predicting the serial number of certificates generated by the CA. http://www.win.tue.nl/

[Openvpn-devel] [PATCH] revocation

2010-04-22 Thread Davide Brini
(moving to -devel as this obviously pertains there more than -users)

On Thursday 22 April 2010, Davide Brini wrote:
> > > RFC 5280 says that "certificate users MUST be able to handle
> > > serialNumber values up to 20 octets", so a 16-byte value looks valid to
> > > me. I would say (without lo