<html><head><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.apple-converted-space
{mso-style-name:apple-converted-space;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;}
span.apple-tab-span
{mso-style-name:apple-tab-span;}
span.EmailStyle22
{mso-style-type:personal-reply;
font-family:"Courier New";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style></head><body lang="EN-US" link="blue" vlink="purple"><blockquote type="cite" style="margin:0 0 0 .8ex; border-left:2px #729fcf solid;padding-left:1ex"><div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: Cantarell; font-size: 14.666667px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-tap-highlight-color: rgba(0, 0, 0, 0.4); -webkit-text-stroke-width: 0px; text-decoration: none;">On Thu, 2023-06-01 at 08:01 -0700, Job Cacka wrote:</div><blockquote type="cite" style="margin:0 0 0 .8ex; border-left:2px #729fcf solid;padding-left:1ex"><div class="WordSection1" style="page: WordSection1;"><div><span style="font-family: "Courier New";">“</span>If certificates could be transmitted/stored in efficiently compressed (zipped) form,<br>theoretically one could save a couple of bytes by choosing as values<o:p></o:p></div><div>of low-entropy fields such as notBefore, notAfter, subject, and issuer<o:p></o:p></div><div>not only strings as short as possible, but also with a high portion of repeated chars,<o:p></o:p></div><div>such as<o:p></o:p></div><div><o:p> </o:p></div><pre style="margin: 0in 0in 0.0001pt; font-size: 10pt; font-family: "Courier New";"> Issuer: CN = 20010000000000efS<o:p></o:p></pre><pre style="margin: 0in 0in 0.0001pt; font-size: 10pt; font-family: "Courier New";"> Not Before: Nov 11 11:11:11 2023 GMT<o:p></o:p></pre><pre style="margin: 0in 0in 0.0001pt; font-size: 10pt; font-family: "Courier New";"> Not After : Nov 11 11:11:11 2025 GMT<o:p></o:p></pre><div><span style="font-family: "Courier New";">”</span></div><div><span style="font-family: "Courier New";"></span></div></div></blockquote><div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: Cantarell; font-size: 14.666667px; font-style: normal; font-variant-caps: normal; font-weight: 
400; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-tap-highlight-color: rgba(0, 0, 0, 0.4); -webkit-text-stroke-width: 0px; text-decoration: none;"><br></div><div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: Cantarell; font-size: 14.666667px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-tap-highlight-color: rgba(0, 0, 0, 0.4); -webkit-text-stroke-width: 0px; text-decoration: none;">Intentionally repeating characters in a hash is a great way to provide the hash to be broken. As I recall there is something about repeating a character more than 3 times consecutively that decreases the effectiveness of the hash. So the use of the series of zeros and the repeated pattern “11:” is probably bad for hash security. 
I am unsure if that matters in this context</div></blockquote><div><br></div><div>Of course, trying to change the signed contents (i.e., manipulating the hashed part) is <b>not</b> what I meant.<br>But:</div><ul><li>make sure that those low-entropy fields have "easily compressible" content<br>by taking advantage of inessential or repeated portions of those strings</li><li><b>then</b> let the CA sign the cert as usual</li><li>wherever size matters during storage and transfer, perform an efficient (likely custom) lossless compression on the cert</li><li><b>before</b> using the cert (for any validation stuff where the cert is involved), uncompress it to its <b>original</b> form</li></ul><div><br></div><div>Yet as mentioned, this hint is likely just theoretical/hypothetical,</div><div>because the receiving party would need to be able to handle (i.e., uncompress) such certs</div><div><br></div><div><span class="Apple-tab-span" style="white-space:pre"> </span>David</div><div><br></div><div><br></div><blockquote type="cite" style="margin:0 0 0 .8ex; border-left:2px #729fcf solid;padding-left:1ex"><div class="WordSection1"><p class="MsoNormal"><span style="font-family:"Courier New""><o:p> </o:p></span></p><div><div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in"><p class="MsoNormal"><b>From:</b> openssl-users &lt;openssl-users-bounces@openssl.org&gt; <b>On Behalf Of </b>David von Oheimb<br><b>Sent:</b> Thursday, June 1, 2023 12:00 AM<br><b>To:</b> Robert Moskowitz &lt;rgm@htt-consult.com&gt;<br><b>Cc:</b> openssl-users@openssl.org<br><b>Subject:</b> Re: Can create a cert with no serial number?<o:p></o:p></p></div></div><p class="MsoNormal"><o:p> </o:p></p><blockquote type="cite" style="margin:0 0 0 .8ex; border-left:2px #729fcf solid;padding-left:1ex"><div><p class="MsoNormal">Probably could cut more if I put the DET (a specific IPv6 address)<span class="apple-converted-space"> </span><o:p></o:p></p></div><div><p class="MsoNormal">somehow into subject rather 
than SAN flagged critical. <span class="apple-converted-space"> </span><o:p></o:p></p></div></blockquote><div><p class="MsoNormal"><o:p> </o:p></p></div><div><p class="MsoNormal">Generally, removing X.509v3 extensions helps save space, <o:p></o:p></p></div><div><p class="MsoNormal">yet replacing a SAN with an IPv6 address by a subject DN entry<o:p></o:p></p></div><div><p class="MsoNormal">simulating the value, e.g., in the CN would be counterproductive<br>because the binary representation in the SAN is more efficient.<br>Here is an example (ab-)using OpenSSL test credential material:<o:p></o:p></p></div><div><p class="MsoNormal"><o:p> </o:p></p></div><pre>openssl x509 -new -CA test/certs/server-ed25519-cert.pem \<o:p></o:p></pre><pre> -set_serial 2 -CAkey test/certs/server-ed25519-key.pem \<o:p></o:p></pre><pre> -force_pubkey test/certs/root-ed25519.pubkey.pem -subj / \<o:p></o:p></pre><pre> -extfile <(printf "subjectAltName = IP:2001:3F:FE3F:F805:A93E:53B7:2709:E0BA\n <o:p></o:p></pre><pre> subjectKeyIdentifier = none\n authorityKeyIdentifier = none") \<o:p></o:p></pre><pre> -days 365 -outform der | wc | awk '{ print $3 }'<o:p></o:p></pre><pre><span style="font-size:11.0pt">226</span><o:p></o:p></pre><pre><o:p> </o:p></pre><pre>openssl x509 -new -CA test/certs/server-ed25519-cert.pem \<o:p></o:p></pre><pre> -set_serial 2 -CAkey test/certs/server-ed25519-key.pem \<o:p></o:p></pre><pre> -force_pubkey test/certs/root-ed25519.pubkey.pem \<o:p></o:p></pre><pre> -subj "/CN=20013FFE3FF805A93E53B72709E0BA" \<o:p></o:p></pre><pre> -extfile <(printf "subjectKeyIdentifier = none\n authorityKeyIdentifier = none") \<o:p></o:p></pre><pre> -days 365 -outform der | wc | awk '{ print $3 }'<o:p></o:p></pre><pre>238<o:p></o:p></pre><div><p class="MsoNormal"><o:p> </o:p></p></div><div><p class="MsoNormal"><o:p> </o:p></p></div><div><p class="MsoNormal">Unfortunately you cannot drop the rather inessential notBefore field,<o:p></o:p></p></div><div><p class="MsoNormal">and the coding 
restrictions in RFC 5280<o:p></o:p></p></div><div><p class="MsoNormal">disallow using a shortened (possibly even empty) string there.<o:p></o:p></p></div><div><p class="MsoNormal"><o:p> </o:p></p></div><div><p class="MsoNormal">If certificates could be transmitted/stored in efficiently compressed (zipped) form,<br>theoretically one could save a couple of bytes by choosing as values<o:p></o:p></p></div><div><p class="MsoNormal">of low-entropy fields such as notBefore, notAfter, subject, and issuer<o:p></o:p></p></div><div><p class="MsoNormal">not only strings as short as possible, but also with a high portion of repeated chars,<o:p></o:p></p></div><div><p class="MsoNormal">such as<o:p></o:p></p></div><div><p class="MsoNormal"><o:p> </o:p></p></div><pre> Issuer: CN = 20010000000000efS<o:p></o:p></pre><pre> Not Before: Nov 11 11:11:11 2023 GMT<o:p></o:p></pre><pre> Not After : Nov 11 11:11:11 2025 GMT<o:p></o:p></pre><div><p class="MsoNormal"><o:p> </o:p></p></div><div><p class="MsoNormal"><span class="apple-tab-span"> </span>David<o:p></o:p></p></div><div><p class="MsoNormal"><o:p> </o:p></p></div><div><p class="MsoNormal"><o:p> </o:p></p></div><div><p class="MsoNormal">On Wed, 2023-05-31 at 14:19 -0400, Robert Moskowitz wrote:<o:p></o:p></p></div><blockquote type="cite" style="margin:0 0 0 .8ex; border-left:2px #729fcf solid;padding-left:1ex"><div><p class="MsoNormal">Well, I got the DER down to 240 bytes by dropping all the constraints. <o:p></o:p></p></div><div><p class="MsoNormal">Probably could cut more if I put the DET (a specific IPv6 address) <o:p></o:p></p></div><div><p class="MsoNormal">somehow into subject rather than SAN flagged critical. For your review, <o:p></o:p></p></div><div><p class="MsoNormal">this is what I have come up with. 
This will replace what I currently <o:p></o:p></p></div><div><p class="MsoNormal">have in draft-moskowitz-drip-dki<o:p></o:p></p></div><div><p class="MsoNormal"><o:p> </o:p></p></div><div><p class="MsoNormal">Use of this cert will rely on the DNS structure we will be creating for <o:p></o:p></p></div><div><p class="MsoNormal">DRIP. For example to find the issuing cert, the CN below maps to a <o:p></o:p></p></div><div><p class="MsoNormal">specific FQDN that any DRIP compliant implementation will know to find. <o:p></o:p></p></div><div><p class="MsoNormal">And if this cert is not found in the matching ip6.arpa. fqdn it has been <o:p></o:p></p></div><div><p class="MsoNormal">revoked. This cert is 2x the size of the DRIP specific RATS-styled <o:p></o:p></p></div><div><p class="MsoNormal">Endorsement. Implementers will be able to choose their poison.<o:p></o:p></p></div><div><p class="MsoNormal"><o:p> </o:p></p></div><div><p class="MsoNormal">Certificate:<o:p></o:p></p></div><div><p class="MsoNormal"> Data:<o:p></o:p></p></div><div><p class="MsoNormal"> Version: 3 (0x2)<o:p></o:p></p></div><div><p class="MsoNormal"> Serial Number: 160 (0xa0)<o:p></o:p></p></div><div><p class="MsoNormal"> Signature Algorithm: ED25519<o:p></o:p></p></div><div><p class="MsoNormal"> Issuer: CN = 2001003ffe3ff805S<o:p></o:p></p></div><div><p class="MsoNormal"> Validity<o:p></o:p></p></div><div><p class="MsoNormal"> Not Before: May 21 00:00:00 2023 GMT<o:p></o:p></p></div><div><p class="MsoNormal"> Not After : May 24 00:00:00 2023 GMT<o:p></o:p></p></div><div><p class="MsoNormal"> Subject:<o:p></o:p></p></div><div><p class="MsoNormal"> Subject Public Key Info:<o:p></o:p></p></div><div><p class="MsoNormal"> Public Key Algorithm: ED25519<o:p></o:p></p></div><div><p class="MsoNormal"> ED25519 Public-Key:<o:p></o:p></p></div><div><p class="MsoNormal"> pub:<o:p></o:p></p></div><div><p class="MsoNormal"> bf:04:53:a0:11:20:ed:8e:65:1a:e9:f6:95:1a:82:<o:p></o:p></p></div><div><p class="MsoNormal"> 
78:3d:a8:20:29:6a:33:8e:ff:d5:4a:0b:a8:46:a9:<o:p></o:p></p></div><div><p class="MsoNormal"> 98:75<o:p></o:p></p></div><div><p class="MsoNormal"> X509v3 extensions:<o:p></o:p></p></div><div><p class="MsoNormal"> X509v3 Subject Alternative Name: critical<o:p></o:p></p></div><div><p class="MsoNormal"> IP Address:2001:3F:FE3F:F805:A93E:53B7:2709:E0BA<o:p></o:p></p></div><div><p class="MsoNormal"> Signature Algorithm: ED25519<o:p></o:p></p></div><div><p class="MsoNormal"> Signature Value:<o:p></o:p></p></div><div><p class="MsoNormal"> d1:cd:bb:64:03:9e:95:1a:8c:fa:eb:59:a6:65:ff:bc:0f:39:<o:p></o:p></p></div><div><p class="MsoNormal"> e4:4f:ac:81:cf:c5:13:1e:62:e3:f1:bd:84:46:9c:5f:7c:52:<o:p></o:p></p></div><div><p class="MsoNormal"> ff:bd:3e:f8:e7:d4:9d:8d:38:fe:70:62:f9:9c:10:f1:aa:b0:<o:p></o:p></p></div><div><p class="MsoNormal"> 46:c8:92:f9:9b:1a:09:d0:d6:0f<o:p></o:p></p></div><div><p class="MsoNormal"><o:p> </o:p></p></div><div><p class="MsoNormal"><o:p> </o:p></p></div><div><p class="MsoNormal"><o:p> </o:p></p></div><div><p class="MsoNormal">On 5/31/23 13:36, Richard Levitte wrote:<o:p></o:p></p></div><blockquote type="cite" style="margin:0 0 0 .8ex; border-left:2px #729fcf solid;padding-left:1ex"><div><p class="MsoNormal">The serial number is a defined field in the certificate structure.<o:p></o:p></p></div><div><p class="MsoNormal">It's not optional, so you can't get away from it.<o:p></o:p></p></div><div><p class="MsoNormal"><o:p> </o:p></p></div><div><p class="MsoNormal">In ASN.1 terms, it's an INTEGER. 
In DER terms, the smallest possible<o:p></o:p></p></div><div><p class="MsoNormal">INTEGER occupies 3 bytes (one for the tag, which is 02, one for the<o:p></o:p></p></div><div><p class="MsoNormal">length 01, and one value byte in the decimal range -128..127 (80..7F)).<o:p></o:p></p></div><div><p class="MsoNormal"><o:p> </o:p></p></div><div><p class="MsoNormal">Without the serial number (just like without any other non-optional<o:p></o:p></p></div><div><p class="MsoNormal">field), whatever you happen to produce will not be a recognisable<o:p></o:p></p></div><div><p class="MsoNormal">X.509 certificate.<o:p></o:p></p></div><div><p class="MsoNormal"><o:p> </o:p></p></div><div><p class="MsoNormal">That's it.<o:p></o:p></p></div><div><p class="MsoNormal"><o:p> </o:p></p></div><div><p class="MsoNormal">Cheers,<o:p></o:p></p></div><div><p class="MsoNormal" style="margin-bottom:12.0pt">Richard<br><br><br><o:p></o:p></p></div><blockquote type="cite" style="margin:0 0 0 .8ex; border-left:2px #729fcf solid;padding-left:1ex"><div><p class="MsoNormal"><o:p> </o:p></p></div><div><p class="MsoNormal"> On 31 May 2023 15:41:02 CEST, Robert Moskowitz &lt;<a href="mailto:rgm@htt-consult.com">rgm@htt-consult.com</a>&gt; wrote:<o:p></o:p></p></div><div><p class="MsoNormal"> <o:p></o:p></p></div><div><p class="MsoNormal"> I tried putting in my conf:<o:p></o:p></p></div><div><p class="MsoNormal"> <o:p></o:p></p></div><div><p class="MsoNormal"> serial = none<o:p></o:p></p></div><div><p class="MsoNormal"> <o:p></o:p></p></div><div><p class="MsoNormal"> and that made an error.<o:p></o:p></p></div><div><p class="MsoNormal"> <o:p></o:p></p></div><div><p class="MsoNormal"> Best I have done is a serial of length 1 byte. But in my work, the subject or SAN provide uniqueness and CRLs will not be used. 
So want to see if I can create a cert with NO serial number.<o:p></o:p></p></div><div><p class="MsoNormal"> <o:p></o:p></p></div><div><p class="MsoNormal"> Thanks<o:p></o:p></p></div><div><p class="MsoNormal"><o:p> </o:p></p></div></blockquote></blockquote><div><p class="MsoNormal"><o:p> </o:p></p></div></blockquote></div></blockquote></body></html>
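Added example, not part of the thread and not OpenSSL code: a minimal DER encoder that sizes the pieces discussed above, namely the subjectAltName iPAddress extension versus a CN carrying the same address as hex text, and the serial number INTEGER. It assumes the CN is encoded as a UTF8String and counts only these fields, not a whole certificate; the function names are made up for this illustration.

```python
import ipaddress

OID_SAN = bytes.fromhex("551d11")  # 2.5.29.17 id-ce-subjectAltName
OID_CN = bytes.fromhex("550403")   # 2.5.4.3 id-at-commonName

def tlv(tag: int, value: bytes) -> bytes:
    """DER tag-length-value; long-form length once the value reaches 128 bytes."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + value

def der_integer(n: int) -> bytes:
    """INTEGER in minimal two's complement, e.g. a serial number."""
    bits = (n if n >= 0 else ~n).bit_length()
    return tlv(0x02, n.to_bytes(bits // 8 + 1, "big", signed=True))

def san_ip_extensions(addr: str, critical: bool = False) -> bytes:
    """[3] EXPLICIT Extensions holding one subjectAltName with one iPAddress."""
    name = tlv(0x87, ipaddress.ip_address(addr).packed)  # [7] raw address bytes
    value = tlv(0x04, tlv(0x30, name))                   # OCTET STRING { GeneralNames }
    flag = tlv(0x01, b"\xff") if critical else b""       # DEFAULT FALSE is omitted
    ext = tlv(0x30, tlv(0x06, OID_SAN) + flag + value)
    return tlv(0xA3, tlv(0x30, ext))

def cn_subject(cn: str) -> bytes:
    """Name with a single CN RDN (UTF8String assumed)."""
    atv = tlv(0x30, tlv(0x06, OID_CN) + tlv(0x0C, cn.encode("utf-8")))
    return tlv(0x30, tlv(0x31, atv))

def field_sizes() -> dict:
    """Byte counts for the values quoted in the thread."""
    addr = "2001:3F:FE3F:F805:A93E:53B7:2709:E0BA"
    return {
        "san_ext": len(san_ip_extensions(addr)),
        "san_ext_critical": len(san_ip_extensions(addr, critical=True)),
        "cn_subject": len(cn_subject("20013FFE3FF805A93E53B72709E0BA")),
        "empty_subject": len(tlv(0x30, b"")),
        "serial_2": len(der_integer(2)),
        "serial_160": len(der_integer(160)),  # 0xa0 needs a leading 00 byte
    }

if __name__ == "__main__":
    for field, size in field_sizes().items():
        print(f"{field:18} {size:3} bytes")
```

The address occupies 16 value bytes as an iPAddress but 30 as hex text in the CN, so the SAN route with an empty subject is the smaller of the two even after the extension wrappers are counted.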