ietf-smime

Re: [Cfrg] [saag] Further MD5 breaks: Creating a rogue CA certificate

2008-12-30 17:27:50

At Tue, 30 Dec 2008 16:05:56 -0600,
Timothy J. Miller wrote:

Eric Rescorla wrote:
At Tue, 30 Dec 2008 12:53:06 -0800,
Paul Hoffman wrote:

Your recollection may be off. I believe I was the person who brought
up the serial number hack at the mic, and I'm pretty sure I said
"some", not "many" (and certainly not "most"!). When I looked at a
handful of popular CAs earlier this week, I only found a few who are
using randomization in their serial numbers.

I don't know whether many or most do it. IMO everyone should.

Randomizing serial numbers has implications for OCSP operations, 
particularly those that use presigned responses in order to optimize 
performance.

Why presign?  Because for a large network with varying levels of 
support, it may be easier to move around sets of pre-produced responses 
to distributed keyless OCSP responders than to guarantee connectivity to 
a keyed OCSP service.

Why presign batches rather than individual responses?  Because for a 
large PKI the response pre-production time can exceed the CRL update 
frequency.

I'm not sure I understand the issue here, but 
they don't actually have to be totally randomized. You could use a
PRF so they were predictable to the CA.

-Ekr
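
An added illustration of the PRF suggestion above, not code from any participant in this thread: HMAC-SHA256 under a CA-held secret maps a sequential issuance counter to a serial number, so the CA can enumerate upcoming serials in advance while they are unpredictable to anyone without the key. The key handling, the 16-byte truncation and the function names are assumptions made for the example.

```python
import hashlib
import hmac

# Assumption: 128-bit serials. RFC 5280 allows at most 20 octets.
SERIAL_BYTES = 16


def serial_for(ca_secret: bytes, counter: int) -> int:
    """Map the CA's private issuance counter to a positive serial number."""
    attempt = 0
    while True:
        # PRF input: 8-byte counter plus a retry byte (used only if the
        # truncated output happens to be zero, which is not a valid serial).
        msg = counter.to_bytes(8, "big") + attempt.to_bytes(1, "big")
        digest = hmac.new(ca_secret, msg, hashlib.sha256).digest()
        serial = int.from_bytes(digest[:SERIAL_BYTES], "big")
        if serial != 0:
            return serial
        attempt += 1


def precompute_batch(ca_secret: bytes, start: int, count: int) -> dict[int, int]:
    """Return {serial: counter} for a range of counters not yet issued.

    Only the holder of ca_secret can compute this, so the CA can lay out a
    batch keyed by serial before the certificates exist.
    """
    batch: dict[int, int] = {}
    for counter in range(start, start + count):
        serial = serial_for(ca_secret, counter)
        # Truncation makes collisions possible in principle; check within
        # the batch (a real CA would check against all issued serials too).
        if serial in batch:
            raise ValueError(f"serial collision at counter {counter}")
        batch[serial] = counter
    return batch


if __name__ == "__main__":
    demo_key = bytes(32)  # constructed demo key, all zero bytes
    for serial, counter in precompute_batch(demo_key, 1000, 3).items():
        print(counter, format(serial, "032x"))
```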
