Certificate serial number generation algorithms

Richard Levitte - VMS Whacker levitte at stacken.kth.se
Mon Oct 11 12:28:59 EDT 2004


In message <20041011013122.73C4B7185 at sierra.rtfm.com> on Sun, 10 Oct 2004 18:16:21 -0700, Eric Rescorla <ekr at rtfm.com> said:

ekr> Does anyone know the details of the certificate generation
ekr> algorithms used by various CAs?

Variants I've heard of are:

 - A simple counter starting at 0 (well, actually, I know this one, as
   that's what OpenSSL does :-))
 - A simple counter starting with a random value (OpenSSL has an
   option for this).
 - A time-based value (I don't recall who did that)
 - A hash of some sort (I believe Verisign does that, among others)

-----
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.

-- 
Richard Levitte   \ Tunnlandsvägen 52 \ LeViMS at stacken.kth.se
Redakteur at Stacken  \ S-168 36  BROMMA  \ T: +46-708-26 53 44
                    \      SWEDEN       \
Procurator Odiosus Ex Infernis                -- poei at bofh.se
Member of the OpenSSL development team: http://www.openssl.org/

-----------------------------------------------------------------
A: Because it fouls the order in which people normally read text. 
Q: Why is top-posting such a bad thing? 
A: Top-posting. 
Q: What is the most annoying thing on usenet and in e-mail?

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list