as far as I read the text from the RFC, they are talkin about non-negative
numbers. So the range is from 0 to 2^(159)-1 because the one bit missing
indicates a negative number.
> -----Ursprüngliche Nachricht-----
> Von: [hidden email] > [mailto:[hidden email]]Im Auftrag von Richard Levitte
> Gesendet: Montag, 18. Juli 2005 15:42
> An: [hidden email] > Cc: Jorey Bump
> Betreff: Re: Max length of serial number
> Jorey Bump writes:
> > And RFC 3280 has this to say:
> > 22.214.171.124 Serial number
> > The serial number MUST be a positive integer assigned by
> the CA to
> > each certificate. It MUST be unique for each
> certificate issued by a
> > given CA (i.e., the issuer name and serial number
> identify a unique
> > certificate). CAs MUST force the serialNumber to be a
> > integer.
> > Given the uniqueness requirements above, serial numbers can be
> > expected to contain long integers. Certificate users
> MUST be able to
> > handle serialNumber values up to 20 octets. Conformant
> CAs MUST NOT
> > use serialNumber values longer than 20 octets.
> > Note: Non-conforming CAs may issue certificates with
> serial numbers
> > that are negative, or zero. Certificate users SHOULD be
> prepared to
> > gracefully handle such certificates.
> > I guess this limits serial numbers to 20 numeric characters,
> You do realise, don't you, that 20 octets isn't the same as
> 20 numeric
> This means that your serial number span is 0 to 2^(8*20)-1,
> which is 2^160
> different value. That's enough to give every atom in the
> known universe a
> few certs each. I bet that's enough for your purposes :-).
> Please consider sponsoring my work on free software.
> See http://www.free.lp.se/sponsoring.html for details.
> Richard Levitte [hidden email] > http://richard.levitte.org/ >
> "When I became a man I put away childish things, including
> the fear of childishness and the desire to be very grown up."
> -- C.S. Lewis
> OpenSSL Project http://www.openssl.org > User Support Mailing List [hidden email] > Automated List Manager [hidden email] >