Mini CRLs are not a standard.
That said, using implementers' agreement (based on whether high order
to low order bits are true serial number) one bit per certificate can be
assigned and the random prefix or appendage to the serial number
On Behalf Of Timothy J. Miller
Sent: Wednesday, December 31, 2008 9:43 AM
To: Russ Housley
Cc: Eric Rescorla; cfrg(_at_)irtf(_dot_)org; ietf-smime(_at_)imc(_dot_)org;
Subject: Re: Further MD5 breaks: Creating a rogue CA certificate
Russ Housley wrote:
I'm not sure I understand the issue here, but
they don't actually have to be totally randomized. You could use a
PRF so they were predictable to the CA.
That works. This works too: the serial number could be composed of
two parts, where the most significant bits are a counter and the
least significant bits are randomly generated.
How would Corestreet's miniCRL format fare under this?
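
The following is an added example, not part of the original thread: a sketch of the two serial-number layouts discussed above (counter in the most significant bits with random or PRF-derived least significant bits) and of a one-bit-per-certificate revocation bitmap indexed by the counter part. The function and class names, the 64-bit low-order width, HMAC-SHA256 as the PRF, and the bitmap layout are all assumptions for illustration; this is not CoreStreet's miniCRL format.

```python
import hashlib
import hmac
import secrets

LOW_BITS = 64  # assumed width of the unpredictable low-order part


def random_serial(counter: int) -> int:
    """Counter in the high-order bits, fresh random low-order bits."""
    return (counter << LOW_BITS) | secrets.randbits(LOW_BITS)


def prf_serial(key: bytes, counter: int) -> int:
    """Same layout, but low bits = HMAC-SHA256(key, counter), truncated."""
    mac = hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return (counter << LOW_BITS) | int.from_bytes(mac[:LOW_BITS // 8], "big")


def counter_of(serial: int) -> int:
    """Recover the sequential part; works for either layout."""
    return serial >> LOW_BITS


def ca_recognizes(key: bytes, serial: int) -> bool:
    """Only the key holder can recompute the serial for a given counter."""
    if serial < 0 or serial.bit_length() > 64 + LOW_BITS:
        return False  # outside the range prf_serial can produce
    return prf_serial(key, counter_of(serial)) == serial


class RevocationBitmap:
    """One bit per issued certificate, indexed by the counter part."""

    def __init__(self, issued: int):
        self.issued = issued
        self.bits = bytearray((issued + 7) // 8)

    def _index(self, serial: int) -> int:
        i = counter_of(serial)
        if not 0 <= i < self.issued:
            raise ValueError("serial outside the range this bitmap covers")
        return i

    def revoke(self, serial: int) -> None:
        i = self._index(serial)
        self.bits[i // 8] |= 0x80 >> (i % 8)

    def is_revoked(self, serial: int) -> bool:
        i = self._index(serial)
        return bool(self.bits[i // 8] & (0x80 >> (i % 8)))
```

Because the bitmap only needs the counter part, the unpredictable low-order bits do not change its size or indexing, provided relying parties agree on where the split is.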