W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > January to March 2001

Re: X509SerialNumber schema

From: Tom Gindin <tgindin@us.ibm.com>
Date: Wed, 28 Mar 2001 12:11:47 -0500
To: "Glenn Adams" <gadams@vgi.com>
Cc: <kgold@watson.ibm.com>, <w3c-ietf-xmldsig@w3.org>
Message-ID: <OF9A87493D.D50084BD-ON85256A1D.005C9BF7@somers.hqregion.ibm.com>

     AFAIK there is at least one commercial CA vendor who
CHARACTERISTICALLY produces 128-bit or longer serial numbers with values
which do not appear to be sequentially assigned.  If you have an installed
copy of Netscape's browser, and look at the Class 3 Public Primary
Certification Authority from Verisign, you'll see a 128-bit serial number
starting with hex 7D.  I can only speculate how these numbers were actually
assigned - if you're interested you can ask somebody who really knows.
     I can't see any 160-bit values, and you can take that part of what I
told Ken as my vague and unreliable recollection.

          Tom Gindin

"Glenn Adams" <gadams@vgi.com>@w3.org on 03/28/2001 11:18:16 AM

Sent by:  w3c-ietf-xmldsig-request@w3.org

To:   <kgold@watson.ibm.com>
cc:   <w3c-ietf-xmldsig@w3.org>
Subject:  Re: X509SerialNumber schema

> Date: Fri, 9 Mar 2001 15:30:22 -0500
> Message-Id: <200103092030.PAA35236@alpha.watson.ibm.com>
> From: Ken Goldman <kgold@watson.ibm.com>
> To: w3c-ietf-xmldsig@w3.org
> Subject: X509SerialNumber schema


> Assuming that (1) is right - If I have an X509SerialNumber from a
> certificate that is a long string of bits (Tom Ginden mentioned back on
> July that some certificates use a hash value of 160 bits) doesn't the
> binary to decimal conversion become computationally painful.

Are you certain this hash is used for CertificateSerialNumber as opposed to
using it for
SubjectKeyIdentifier? RFC2459 Section describes such a hash to be
for SubectKeyIdentifier.

Glenn Adams
Received on Wednesday, 28 March 2001 12:11:53 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 20:10:04 UTC