From 2a5910cd3afa671f806b72a6f238828b2a5e4ce1 Mon Sep 17 00:00:00 2001 From: Michael Richardson Date: Fri, 9 Feb 2024 10:31:54 -0500 Subject: [PATCH 1/3] proposal to make 8 bytes the lower limit, close #32 --- draft-ietf-uta-tls13-iot-profile.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/draft-ietf-uta-tls13-iot-profile.md b/draft-ietf-uta-tls13-iot-profile.md index a588863..4d75bc9 100644 --- a/draft-ietf-uta-tls13-iot-profile.md +++ b/draft-ietf-uta-tls13-iot-profile.md @@ -320,9 +320,10 @@ sections or even other specifications. ### Serial Number -CAs MUST generate non-sequential serial numbers greater than zero -(0) up to 20 octects from a cryptographically secure -pseudo-random number generator. The serial number MUST be unique +CAs MUST generate non-sequential serial numbers greater than eight +(8) octects from a cryptographically secure pseudo-random number generator. +{{!RFC5280}} limits this field to a maximum of 20 octets. +The serial number MUST be unique for each certificate issued by a given CA (i.e., the issuer name and the serial number uniquely identify a certificate). From 3864bab742ff07c7228c904aac83a618c7862dd8 Mon Sep 17 00:00:00 2001 From: Michael Richardson Date: Fri, 9 Feb 2024 10:33:51 -0500 Subject: [PATCH 2/3] inclusive of 8 bytes --- draft-ietf-uta-tls13-iot-profile.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-ietf-uta-tls13-iot-profile.md b/draft-ietf-uta-tls13-iot-profile.md index 4d75bc9..ed4f98a 100644 --- a/draft-ietf-uta-tls13-iot-profile.md +++ b/draft-ietf-uta-tls13-iot-profile.md @@ -320,7 +320,7 @@ sections or even other specifications. ### Serial Number -CAs MUST generate non-sequential serial numbers greater than eight +CAs MUST generate non-sequential serial numbers greater than or equal to eight (8) octects from a cryptographically secure pseudo-random number generator. {{!RFC5280}} limits this field to a maximum of 20 octets. The serial number MUST be unique 
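Review bot: In the PATCH 1/3 hunk, the rewritten first sentence drops the "greater than zero (0)" requirement and replaces it with "greater than eight (8) octects", which compares a number with a byte length and, read literally, demands at least nine octets rather than the eight the subject line intends. {{!RFC5280}} (cited in the same hunk) also requires the serial number to be a positive integer, so the positivity requirement should stay in the normative text rather than be implied by the new citation. Suggested wording: "CAs MUST generate non-sequential, positive serial numbers containing at least eight (8) octets of output from a cryptographically secure pseudo-random number generator. {{!RFC5280}} limits this field to a maximum of 20 octets."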
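Review bot: The PATCH 2/3 hunk fixes the off-by-one ("greater than or equal to eight") but keeps the mismatch between a numeric comparison and an octet count, and it leaves the requirement stated in encoded length rather than in randomness. Because the serial is a DER INTEGER, a leading zero octet is needed whenever the first random octet has its high bit set, so "eight octets" of encoded length can hold fewer than 64 random bits, and conversely 20 octets of raw CSPRNG output can encode to 21 octets and breach the {{!RFC5280}} limit quoted in the hunk. Suggest stating the floor as a quantity of CSPRNG output (for example "at least 64 bits") and noting that the encoded INTEGER, including any sign-padding octet, MUST NOT exceed 20 octets.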
From 5786612126003b5979ee99252e2e5f2df076f138 Mon Sep 17 00:00:00 2001 From: Michael Richardson Date: Fri, 9 Feb 2024 10:34:10 -0500 Subject: [PATCH 3/3] fix typo Co-authored-by: Hannes Tschofenig --- draft-ietf-uta-tls13-iot-profile.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-ietf-uta-tls13-iot-profile.md b/draft-ietf-uta-tls13-iot-profile.md index ed4f98a..1e651a8 100644 --- a/draft-ietf-uta-tls13-iot-profile.md +++ b/draft-ietf-uta-tls13-iot-profile.md @@ -321,7 +321,7 @@ sections or even other specifications. ### Serial Number CAs MUST generate non-sequential serial numbers greater than or equal to eight -(8) octects from a cryptographically secure pseudo-random number generator. +(8) octets from a cryptographically secure pseudo-random number generator. {{!RFC5280}} limits this field to a maximum of 20 octets. The serial number MUST be unique for each certificate issued by a given CA (i.e., the issuer name
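Review bot: The PATCH 3/3 hunk is a correct one-word fix ("octects" to "octets"), but all three patches in the series rewrite the same two lines of the Serial Number paragraph, so PATCH 1/3 and 2/3 ship intermediate states that still carry the typo and the exclusive "greater than eight" wording. Consider squashing the three into a single commit so that bisecting never lands on a revision of the draft text that the series itself corrects.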