Ballot-164 passed

Ballot 164 – Certificate Serial Number Entropy

Server Certificate Working Group

Key dates

  • Effective date: 30 Sep 2016
  • Voting opened: 01 Jul 2016
  • Voting closed: 08 Jul 2016
  • Discussion opened: 31 Mar 2016
  • Discussion closed: 01 Jul 2016

AI Summary

Generated 2026-06-23 21:33 UTC

Ballot overview

  • Ballot 164, Certificate Serial Number Entropy, was proposed by Jacob Hoffman-Andrews of Let’s Encrypt and endorsed by Ben Wilson of DigiCert and Tim Hollebeek of Trustwave.
  • The ballot says it makes random serial-number generation a required best practice, replaces entropy with CSPRNG for clarity and auditability, and clarifies that the serial number must be positive.
  • The ballot page states that voting has closed and the ballot passes.

Requirements added to the Baseline Requirements

  • Add a definition for CSPRNG in Section 1.6.1.
  • Replace the existing serial-number guidance in Section 7.1 with a requirement that, effective September 30, 2016, CAs shall generate certificate serial numbers greater than zero containing at least 64 bits of output from a CSPRNG.
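One way to generate and check a serial number against the requirement above, as an added example (not text from the ballot or code from any CA). The function names are hypothetical, and the 20-octet ceiling is taken from RFC 5280, which this page does not mention.

```python
import secrets

MIN_CSPRNG_BITS = 64     # minimum CSPRNG output required by the ballot text
MAX_SERIAL_OCTETS = 20   # assumption from RFC 5280 (not stated on this page)


def der_integer_content(n: int) -> bytes:
    """Content octets of a positive DER INTEGER (minimal two's complement)."""
    if n <= 0:
        raise ValueError("serial number must be greater than zero")
    # bit_length // 8 + 1 always leaves the sign bit of the first octet clear,
    # adding a 0x00 pad when the value's own top bit is set.
    return n.to_bytes(n.bit_length() // 8 + 1, "big")


def generate_serial(random_bits: int = MIN_CSPRNG_BITS) -> int:
    """Draw random_bits from the OS CSPRNG and return them as a positive serial."""
    max_bits = MAX_SERIAL_OCTETS * 8 - 1   # 159: keeps the encoding within 20 octets
    if not MIN_CSPRNG_BITS <= random_bits <= max_bits:
        raise ValueError(f"random_bits must be in [{MIN_CSPRNG_BITS}, {max_bits}]")
    while True:
        serial = secrets.randbits(random_bits)
        if serial > 0:       # reject the single all-zero draw instead of masking bits
            return serial


def check_serial(serial: int, csprng_bits: int) -> list[str]:
    """Return the reasons a serial/generator pair falls short (empty list = OK)."""
    problems = []
    if serial <= 0:
        problems.append("serial is not greater than zero")
    elif len(der_integer_content(serial)) > MAX_SERIAL_OCTETS:
        problems.append("encoded serial exceeds 20 octets")
    if csprng_bits < MIN_CSPRNG_BITS:
        problems.append(f"only {csprng_bits} bits of CSPRNG output, need 64")
    return problems


if __name__ == "__main__":
    good = generate_serial()
    print(hex(good), check_serial(good, 64))
    # Weak pattern: draw 64 bits, then clear the top bit to force a positive,
    # 8-octet value. Only 63 of the remaining bits are random.
    masked = secrets.randbits(64) & ((1 << 63) - 1)
    print(hex(masked), check_serial(masked, 63))
```

A full 64-bit draw with its top bit set encodes to nine octets because DER adds a leading 0x00, so a fixed eight-octet serial field cannot carry 64 random bits and stay positive.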

Timing stated in the ballot

  • The review period was to commence immediately and close at 2200 UTC on 1 July 2016.
  • The voting period was to start immediately after the review period and close at 2200 UTC on 8 July 2016.

Context given in the statement of intent

  • The ballot cites MD5 collision research and explains that random bits in certificate serial numbers help mitigate collision attacks.
  • It says the Baseline Requirements had already encouraged random serial numbers and that this ballot makes that practice required.
  • It also says the change is intended to make the Web PKI more robust against future weaknesses in hash functions.
Model: gpt-5.4-mini Confidence: 0.98 Result: passed
Applicability and conditions

2016-09-30: CAs must generate certificate serial numbers greater than zero containing at least 64 bits of output from a CSPRNG. Applies to all CAs subject to the Baseline Requirements.

AI-generated from the CABF ballot page. The official CABF article remains the authoritative source.

Proposers

Proposed by Jacob Hoffman-Andrews of Let’s Encrypt; endorsed by Ben Wilson of DigiCert and Tim Hollebeek of Trustwave.

Excerpt

Voting on Ballot 164, “Certificate Serial Number Entropy” has now closed. The results are as follows:
