Re: Confusion due to lax use of terminology in RFC?
No, you're thinking of something more akin to an incrementing serial there.
So you might have
That's the approach that *used* to be in place. But, it has a number of issues. You cannot guarantee that a situation will never arise where you mistakenly use the same serial twice - for example, if your process crashes mid-issuance, and then another cert is issued, you may have a part-issued cert, and a fully issued cert (for someone else) sharing serial number "3" (or whatever). There are various possibilities in that area.
It also potentially poses an issue if you're distributing your issuance system globally, though that's more easily addressable by inserting a region into the serial.
What the RFC requires is that CAs include a minimum of 64 bits entropy in the serial (some CAs weren't affected by this issue because they were already using more). The serial can be more than just that entropy though, so you might choose to keep your increment and append the entropy to the end
Now, if you have the same issue with a crash (or whatever) you may get two certs allocated "3" but the likelihood of their serials being identical is incredibly small.
> if its like other serial number would it not be partitioned
There's no partitioning no, there aren't ranges allocated out like with (say) Mac Addresses. It's literally the output of a RNG, the issue here is the reduced the namespace by forcing one bit to be a specific value (by discarding all results where that wasn't the case)