<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.apple-converted-space
{mso-style-name:apple-converted-space;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;}
span.apple-tab-span
{mso-style-name:apple-tab-span;}
span.EmailStyle22
{mso-style-type:personal-reply;
font-family:"Courier New";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-family:"Courier New"'>“</span>If certificates could be transmitted/stored in efficiently compressed (zipped) from,<br>theoretically one could save a couple of bytes by choosing as values<o:p></o:p></p><p class=MsoNormal>of low-entropy fields such as notBefore, notAfter, subject, and issuer<o:p></o:p></p><p class=MsoNormal>not only strings as short as possible, but also with a high portion of repeated chars,<o:p></o:p></p><p class=MsoNormal>such as<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><pre> Issuer: CN = 20010000000000efS<o:p></o:p></pre><pre> Not Before: Nov 11 11:11:11 2023 GMT<o:p></o:p></pre><pre> Not After : Nov 11 11:11:11 2025 GMT<o:p></o:p></pre><p class=MsoNormal><span style='font-family:"Courier New"'>”<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New"'>Intentionally repeating characters in a hash is a great way to provide the hash to be broken. As I recall there is something about repeating a character more than 3 times consecutively that decreases the effectiveness of the hash. So the use of the series of zero’s and the repeated pattern “11:” are probably bad for hash security. I am unsure if that matters in this context however. <o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New"'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New"'>Thanks,<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New"'> Job<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New"'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b>From:</b> openssl-users <openssl-users-bounces@openssl.org> <b>On Behalf Of </b>David von Oheimb<br><b>Sent:</b> Thursday, June 1, 2023 12:00 AM<br><b>To:</b> Robert Moskowitz <rgm@htt-consult.com><br><b>Cc:</b> openssl-users@openssl.org<br><b>Subject:</b> Re: Can create a cert with no serial number?<o:p></o:p></p></div></div><p class=MsoNormal><o:p> </o:p></p><blockquote style='border:none;border-left:solid #729FCF 1.5pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in'><div><p class=MsoNormal>Probably could cut more if I put the DET (a specific IPv6 address)<span class=apple-converted-space> </span><o:p></o:p></p></div><div><p class=MsoNormal>somehow into subject rather than SAN flagged critical. <span class=apple-converted-space> </span><o:p></o:p></p></div></blockquote><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Generally, removing X.509v3 extensions helps save space, <o:p></o:p></p></div><div><p class=MsoNormal>yet replacing a SAN with an IPv6 address by a subject DN entry<o:p></o:p></p></div><div><p class=MsoNormal>simulating the value, e.g., in the CN would be counterproductive<br>because the binary representation in the SAN is more efficient.<br>Here is an example (ab-)using OpenSSL test credential material:<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><pre>openssl x509 -new -CA test/certs/server-ed25519-cert.pem \<o:p></o:p></pre><pre> -set_serial 2 -CAkey test/certs/server-ed25519-key.pem \<o:p></o:p></pre><pre> -force_pubkey test/certs/root-ed25519.pubkey.pem -subj / \<o:p></o:p></pre><pre> -extfile <(printf "subjectAltName = IP:2001:3F:FE3F:F805:A93E:53B7:2709:E0BA\n <o:p></o:p></pre><pre> subjectKeyIdentifier = none\n authorityKeyIdentifier = none") \<o:p></o:p></pre><pre> -days 365 -outform der | wc | awk '{ print $3 }'<o:p></o:p></pre><pre><span style='font-size:11.0pt'>226</span><o:p></o:p></pre><pre><o:p> </o:p></pre><pre>openssl x509 -new -CA test/certs/server-ed25519-cert.pem \<o:p></o:p></pre><pre> -set_serial 2 -CAkey test/certs/server-ed25519-key.pem \<o:p></o:p></pre><pre> -force_pubkey test/certs/root-ed25519.pubkey.pem \<o:p></o:p></pre><pre> -subj "/CN=20013FFE3FF805A93E53B72709E0BA" \<o:p></o:p></pre><pre> -extfile <(printf "subjectKeyIdentifier = none\n authorityKeyIdentifier = none") \<o:p></o:p></pre><pre> -days 365 -outform der | wc | awk '{ print $3 }'<o:p></o:p></pre><pre>238<o:p></o:p></pre><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Unfortunately you cannot drop the rather inessential notBefore field,<o:p></o:p></p></div><div><p class=MsoNormal>and the coding restrictions in RFC 5280<o:p></o:p></p></div><div><p class=MsoNormal>disallow using a shortened (possibly even empty) string there.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>If certificates could be transmitted/stored in efficiently compressed (zipped) from,<br>theoretically one could save a couple of bytes by choosing as values<o:p></o:p></p></div><div><p class=MsoNormal>of low-entropy fields such as notBefore, notAfter, subject, and issuer<o:p></o:p></p></div><div><p class=MsoNormal>not only strings as short as possible, but also with a high portion of repeated chars,<o:p></o:p></p></div><div><p class=MsoNormal>such as<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><pre> Issuer: CN = 20010000000000efS<o:p></o:p></pre><pre> Not Before: Nov 11 11:11:11 2023 GMT<o:p></o:p></pre><pre> Not After : Nov 11 11:11:11 2025 GMT<o:p></o:p></pre><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal><span class=apple-tab-span> </span>David<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>On Wed, 2023-05-31 at 14:19 -0400, Robert Moskowitz wrote:<o:p></o:p></p></div><blockquote style='border:none;border-left:solid #729FCF 1.5pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in'><div><p class=MsoNormal>Well, I got the DER down to 240 bytes by dropping all the constraints. <o:p></o:p></p></div><div><p class=MsoNormal>Probably could cut more if I put the DET (a specific IPv6 address) <o:p></o:p></p></div><div><p class=MsoNormal>somehow into subject rather than SAN flagged critical. For your review, <o:p></o:p></p></div><div><p class=MsoNormal>this is what I have come up with. This will replace what I currently <o:p></o:p></p></div><div><p class=MsoNormal>have in draft-moskowitz-drip-dki<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Use of this cert will rely on the DNS structure we will be creating for <o:p></o:p></p></div><div><p class=MsoNormal>DRIP. For example to find the issuing cert, the CN below maps to a <o:p></o:p></p></div><div><p class=MsoNormal>specific FQDN that any DRIP compliant implementation will know to find. <o:p></o:p></p></div><div><p class=MsoNormal>And if this cert is not found in the matching ip6.arpa. fqdn it has been <o:p></o:p></p></div><div><p class=MsoNormal>revoked. This cert is 2x the size of the DRIP specific RATS-styled <o:p></o:p></p></div><div><p class=MsoNormal>Endorsement. Implementers will be able to choose their poison.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Certificate:<o:p></o:p></p></div><div><p class=MsoNormal> Data:<o:p></o:p></p></div><div><p class=MsoNormal> Version: 3 (0x2)<o:p></o:p></p></div><div><p class=MsoNormal> Serial Number: 160 (0xa0)<o:p></o:p></p></div><div><p class=MsoNormal> Signature Algorithm: ED25519<o:p></o:p></p></div><div><p class=MsoNormal> Issuer: CN = 2001003ffe3ff805S<o:p></o:p></p></div><div><p class=MsoNormal> Validity<o:p></o:p></p></div><div><p class=MsoNormal> Not Before: May 21 00:00:00 2023 GMT<o:p></o:p></p></div><div><p class=MsoNormal> Not After : May 24 00:00:00 2023 GMT<o:p></o:p></p></div><div><p class=MsoNormal> Subject:<o:p></o:p></p></div><div><p class=MsoNormal> Subject Public Key Info:<o:p></o:p></p></div><div><p class=MsoNormal> Public Key Algorithm: ED25519<o:p></o:p></p></div><div><p class=MsoNormal> ED25519 Public-Key:<o:p></o:p></p></div><div><p class=MsoNormal> pub:<o:p></o:p></p></div><div><p class=MsoNormal> bf:04:53:a0:11:20:ed:8e:65:1a:e9:f6:95:1a:82:<o:p></o:p></p></div><div><p class=MsoNormal> 78:3d:a8:20:29:6a:33:8e:ff:d5:4a:0b:a8:46:a9:<o:p></o:p></p></div><div><p class=MsoNormal> 98:75<o:p></o:p></p></div><div><p class=MsoNormal> X509v3 extensions:<o:p></o:p></p></div><div><p class=MsoNormal> X509v3 Subject Alternative Name: critical<o:p></o:p></p></div><div><p class=MsoNormal> IP Address:2001:3F:FE3F:F805:A93E:53B7:2709:E0BA<o:p></o:p></p></div><div><p class=MsoNormal> Signature Algorithm: ED25519<o:p></o:p></p></div><div><p class=MsoNormal> Signature Value:<o:p></o:p></p></div><div><p class=MsoNormal> d1:cd:bb:64:03:9e:95:1a:8c:fa:eb:59:a6:65:ff:bc:0f:39:<o:p></o:p></p></div><div><p class=MsoNormal> e4:4f:ac:81:cf:c5:13:1e:62:e3:f1:bd:84:46:9c:5f:7c:52:<o:p></o:p></p></div><div><p class=MsoNormal> ff:bd:3e:f8:e7:d4:9d:8d:38:fe:70:62:f9:9c:10:f1:aa:b0:<o:p></o:p></p></div><div><p class=MsoNormal> 46:c8:92:f9:9b:1a:09:d0:d6:0f<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>On 5/31/23 13:36, Richard Levitte wrote:<o:p></o:p></p></div><blockquote style='border:none;border-left:solid #729FCF 1.5pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in'><div><p class=MsoNormal>The serial number is a defined field in the certificate structure.<o:p></o:p></p></div><div><p class=MsoNormal>It's not optional, so you can't get away from it.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>In ASN.1 terms, it's an INTEGER. In DER terms, the smallest possible<o:p></o:p></p></div><div><p class=MsoNormal>INTEGER occupies 3 bytes (one for the tag, which is 02, one for the<o:p></o:p></p></div><div><p class=MsoNormal>length 01, and one value byte in the decimal range -128..127 (80..7F)).<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Without the serial number (just like without any other non-optional<o:p></o:p></p></div><div><p class=MsoNormal>field), whatever you happen to produce will not be a recognisable<o:p></o:p></p></div><div><p class=MsoNormal>X.509 certificate.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>That's it.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Cheers,<o:p></o:p></p></div><div><p class=MsoNormal style='margin-bottom:12.0pt'>Richard<br><br><br><o:p></o:p></p></div><blockquote style='border:none;border-left:solid #729FCF 1.5pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in'><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal> Am 31. Mai 2023 15:41:02 MESZ schrieb Robert Moskowitz <<a href="mailto:rgm@htt-consult.com">rgm@htt-consult.com</a>>:<o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal> I tried putting in my conf:<o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal> serial = none<o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal> and that made an error.<o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal> Best I have done is a serial of length 1 byte. But in my work, the subject or SAN provide uniqueness and CRLs will not be used. So want to see if I can create a cert with NO serial number.<o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal> Thanks<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div></blockquote></blockquote><div><p class=MsoNormal><o:p> </o:p></p></div></blockquote></div></body></html>