Re: Confusion due to lax use of terminology in RFC?
>The issue is that serial number length must be at least 64-bits and a positive integer.
RFC5820 does not mandate a minimum length for the serial number, just a maximum length.
Addendix C gives examples using serial numbers: 17, 18 and 256. the length of the serial number field in the certificates being 8, 8 and 16 bits respectively.
In fact, given what we know now, example C.3 seems to have been given to show that the Serial Number field is signed, as 16 bits are used to encode the 8 bit value.