<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
Mark,<br>
<br>
Thanks, but I am using EdDSA25519 already.<br>
<br>
<div class="moz-cite-prefix">On 5/31/23 10:19, Mark Hack wrote:<br>
</div>
<blockquote type="cite"
cite="mid:7214e515d38ff4db58118efcefc05bda8dd76b67.camel@markhack.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div>Robert</div>
<div><br>
</div>
<div>If your aim is to have very compact certifcates, look at
using elliptic curves and ECDSA instead of RSA certs. You could
use P224 curves but I do suggest that you use P256 instead which
do not cost a lot more in space and give you 128bit equivalent
strength.</div>
<div><br>
</div>
<div><br>
</div>
<div>Regards</div>
<div>Mark Hack</div>
<div><br>
</div>
<div>On Wed, 2023-05-31 at 15:55 +0200, Frank-Ulrich Sommer wrote:</div>
<blockquote type="cite" style="margin:0 0 0 .8ex; border-left:2px
#729fcf solid;padding-left:1ex">
<div>RFC5280 which specifies X.509 certificates states that the
serial number is a MUST field and it must be unique. By
limiting it to one byte the number of certificates should be
limited to 256.</div>
<div><br>
</div>
<div>As I can't see any significant advantage I would not risk
compatibility problems and just leave it as it is. A cert
without serial number could be at risk of beeing treated as
invalid.</div>
<div><br>
</div>
<div>Am 31. Mai 2023 15:41:02 MESZ schrieb Robert Moskowitz <<a
href="mailto:rgm@htt-consult.com" moz-do-not-send="true"
class="moz-txt-link-freetext">rgm@htt-consult.com</a>>:</div>
<blockquote type="cite" style="margin:0 0 0 .8ex;
border-left:2px #729fcf solid;padding-left:1ex">
<div>I tried putting in my conf:</div>
<div><br>
</div>
<div>serial = none</div>
<div><br>
</div>
<div>and that made an error.</div>
<div><br>
</div>
<div>Best I have done is a serial of length 1 byte. But in my
work, the subject or SAN provide uniqueness and CRLs will
not be used. So want to see if I can create a cert with NO
serial number.</div>
<div><br>
</div>
<div>Thanks</div>
<div><br>
</div>
<div><br>
</div>
</blockquote>
</blockquote>
</blockquote>
<br>
</body>
</html>