On 08/21/2017 10:03 AM, Salz, Rich wrote:
If the root is going to be trusted, make its serial number be one. ☺
Otherwise use eight bytes of random as the serial number, if you follow CABF guidelines.
Kind of where my thinking is going. But once I make it '1', it might as
well be 1 byte rand! :)
Well 1 - 127 random...
But no need to make it 20 octets. Just leave it at 8. And yes, I can
see some jump on the 'save' 7 bytes bandwagon. Also why I have to work
out BER to compare that sizing to DER. Trying to do that today.
Bob
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users