It's a Presidential Mandate, Feds use it. How come you are not using FDE?
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Sat Jan 20 04:10:47 EST 2007
Victor Duchovni <Victor.Duchovni at MorganStanley.com> writes:
>It took reading the code to determine the following:
>
> - ASN.1 Strings extracted from X.509v3 certs are not validated for
>   conformance with the declared character syntax. Strings of type
>   PrintableString or IA5String may hold non-printable or non-ASCII
>   data.
Just a word in OpenSSL's defence, see the X.509 Style Guide for the reasoning
behind this. I don't think any ASN.1-using security toolkit since TIPEM has
done character-set checking, it would fail to verify a large chunk of the
certs out there (I once had a TIPEM user complain to me that they had to stop
using it specifically because it would reject invalid character strings, which
encompassed a nontrivial portion of their user base).
Peter.
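
Added example, not part of the original post and not OpenSSL code: an application that depends on the declared character syntax can run the check that the thread says the toolkit skips. This Python sketch walks DER and reports PrintableString and IA5String values outside their alphabets. The helper names and sample bytes are constructed for illustration, and it does not descend into OCTET STRING-wrapped extensions or implicitly tagged strings.

```python
import string

# PrintableString alphabet per X.680: letters, digits, space and ' ( ) + , - . / : = ?
PRINTABLE = frozenset((string.ascii_letters + string.digits + " '()+,-./:=?").encode())
TAG_PRINTABLE, TAG_IA5 = 0x13, 0x16

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tags are not handled in this example")
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long-form length: next n bytes
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def nonconforming_strings(der):
    """List (type_name, raw_value) for strings that violate their declared type."""
    bad, pos = [], 0
    while pos < len(der):
        tag, value, pos = read_tlv(der, pos)
        if tag & 0x20:                    # constructed (SEQUENCE, SET, ...): recurse
            bad += nonconforming_strings(value)
        elif tag == TAG_PRINTABLE and not set(value) <= PRINTABLE:
            bad.append(("PrintableString", value))
        elif tag == TAG_IA5 and any(b > 0x7F for b in value):
            bad.append(("IA5String", value))   # IA5 is 7-bit; control codes are legal
    return bad

def tlv(tag, value):
    """Encode a short (<128 byte) element; only used to build the sample."""
    return bytes([tag, len(value)]) + value

# Constructed sample: two conforming strings and two carrying Latin-1 bytes.
SAMPLE = tlv(0x30, tlv(0x13, b"Example CA") + tlv(0x13, b"Caf\xe9 Ltd")
             + tlv(0x16, b"admin@example.com") + tlv(0x16, b"m\xfcller@example.com"))

if __name__ == "__main__":
    for kind, raw in nonconforming_strings(SAMPLE):
        print(kind, raw)
```

Whether to reject or only log a nonconforming certificate is a policy choice; as the message above notes, strict rejection fails a large share of deployed certs.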