Merry Certmas! CN=*\x00thoughtcrime.noisebridge.net
Victor Duchovni
Victor.Duchovni at morganstanley.com
Wed Sep 30 15:57:40 EDT 2009
On Tue, Sep 29, 2009 at 10:51:33PM -0700, Jacob Appelbaum wrote:
> It's been long enough that everyone should be patched for this awesome
> class of bugs. This certificate and corresponding private key should
> help people test fairly obscure software or software they've written
> themselves. I hope this release will help with confirmation of the bug
> and with regression testing. Feel free to use this certificate for
> anything relating to free software too. Consider it released into the
> public domain of interesting integers.
If anyone is curious about the impact of this on the Postfix TLS engine
(March 2006, version 2.3.0 and later releases):
1. Postfix checks subject domains obtained from either subjectAltName or CN
to ensure that the ASN.1 string object length is equal to the C string
length. Certificates that fail this test are considered anonymous. These
checks were added in the Spring of 2005 when the contributed TLS patch
adopted in the 2.2 release was significantly extended and revised.
2. Postfix only matches *.example.com certificates against single-label
sub-domains of example.com. Thus for example, the Postini wild-card
certificate for:
*.psmtp.com
does not match (say Verisign's), MX records of the form:
verisign.com. IN MX 100 verisign.com.s6a1.psmtp.com.
verisign.com. IN MX 200 verisign.com.s6a2.psmtp.com.
verisign.com. IN MX 300 verisign.com.s6b1.psmtp.com.
verisign.com. IN MX 400 verisign.com.s6b2.psmtp.com.
(Postfix also does not, for "secure-channel" destinations, trust DNS
enough to let MX records influence the name expected in a peer
certificate. So Postini's wildcard certificate is perhaps only useful
with other sending systems).
So a "*" certificate will never match any peer domain.
Bottom line, this issue does not impact the Postfix secure-channel TLS
use case.
--
Viktor.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list