Merge pull request #45 from thomas-fossati/serial-number-entropy

proposal to make 8 bytes the lower limit
thomas-fossati · Feb 9, 2024 · efec8ce · efec8ce
2 parents e2b687e + 5786612
commit efec8ce
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/draft-ietf-uta-tls13-iot-profile.md b/draft-ietf-uta-tls13-iot-profile.md
@@ -320,9 +320,10 @@ sections or even other specifications.
 
 ### Serial Number
 
-CAs MUST generate non-sequential serial numbers greater than zero
-(0) up to 20 octects from a cryptographically secure
-pseudo-random number generator. The serial number MUST be unique
+CAs MUST generate non-sequential serial numbers greater than or equal to eight
+(8) octets from a cryptographically secure pseudo-random number generator.
+{{!RFC5280}} limits this field to a maximum of 20 octets.
+The serial number MUST be unique
 for each certificate issued by a given CA (i.e., the issuer name
 and the serial number uniquely identify a certificate).