Closed diogomonica closed 13 years ago
Right now the generation of serial numbers is left entirely to the implementing user. I've been considering serial number generation strategies so the user could offer a 'hook' implementation so certificate_authority could draw the next available number.
The tricky part of serial numbers is they are the only reference used in OCSP verification, so they have to be guaranteed unique across signing entities. Though just picking random numbers is likely to never collide, it's an edge case that should be known.
Even though MD5 is not being used by certificate_authority, which means it is not vulnerable to [http://lwn.net/Articles/314997/], maybe the randomization of serial numbers should be the default option (or at least, an option).
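An added sketch of the random-serial hook discussed in this issue; it is not code from certificate_authority or from the participants. The class name `RandomSerialSource`, its parameters and the in-memory `issued` set are assumptions made for illustration; a real CA would back the set with a persistent store shared by every signing entity.

```ruby
require 'securerandom'
require 'set'

# Hypothetical serial-number source (illustrative name, not a certificate_authority API).
class RandomSerialSource
  MAX_OCTETS = 20 # RFC 5280 4.1.2.2: serial is a positive INTEGER of at most 20 octets
  MIN_BITS   = 64 # floor for unpredictability (CA/Browser Forum baseline: 64 bits of CSPRNG output)

  # issued: set of serials already handed out (assumed in-memory here).
  # rng: anything responding to random_number(n); SecureRandom is a CSPRNG.
  def initialize(bits: 128, issued: Set.new, rng: SecureRandom)
    max_bits = MAX_OCTETS * 8 - 1 # keep the top bit clear so the DER value stays positive
    unless bits.between?(MIN_BITS, max_bits)
      raise ArgumentError, "bits must be in #{MIN_BITS}..#{max_bits}"
    end
    @bits = bits
    @issued = issued
    @rng = rng
  end

  # Draws random candidates until one is non-zero and not yet issued.
  # Set#add? returns nil on a duplicate, so the collision edge case
  # is handled by redrawing instead of being silently ignored.
  def next_serial
    loop do
      candidate = @rng.random_number(1 << @bits)
      next if candidate.zero?
      return candidate if @issued.add?(candidate)
    end
  end

  # Number of content octets the serial occupies as a DER INTEGER
  # (one extra sign octet when the high bit of the top byte is set).
  def self.der_octets(serial)
    serial.bit_length / 8 + 1
  end
end
```
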