After reading cloudflare’s proposal for CAs,
I would like to know if Letsencrypt will consider applying the following policy:
If the Certificate asserts the Policy Identifier of 220.127.116.11.2.99, then the CA MUST
generate non-sequential Certificate serial numbers that exhibit at least 20 bits of entropy.
This provides a way to make it more computationally expensive for an attacker to forge a digital certificate using SHA-1.