Certificate serial number generation algorithms
Richard Levitte - VMS Whacker
levitte at stacken.kth.se
Mon Oct 11 12:28:59 EDT 2004
In message <20041011013122.73C4B7185 at sierra.rtfm.com> on Sun, 10 Oct 2004 18:16:21 -0700, Eric Rescorla <ekr at rtfm.com> said:
ekr> Does anyone know the details of the certificate generation
ekr> algorithms used by various CAs?
Variants I've heard of are:
- A simple counter starting at 0 (well, actually, I know this one, as
that's what OpenSSL does :-))
- A simple counter starting with a random value (OpenSSL has an
option for this).
- A time-based value (I don't recall who did that)
- A hash of some sort (I believe Verisign does that, among others)
-----
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.
--
Richard Levitte \ Tunnlandsvägen 52 \ LeViMS at stacken.kth.se
Redakteur at Stacken \ S-168 36 BROMMA \ T: +46-708-26 53 44
\ SWEDEN \
Procurator Odiosus Ex Infernis -- poei at bofh.se
Member of the OpenSSL development team: http://www.openssl.org/
-----------------------------------------------------------------
A: Because it fouls the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on usenet and in e-mail?
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list