Merry Certmas! CN=*\x00thoughtcrime.noisebridge.net

Victor Duchovni Victor.Duchovni at morganstanley.com
Wed Sep 30 15:57:40 EDT 2009 

On Tue, Sep 29, 2009 at 10:51:33PM -0700, Jacob Appelbaum wrote:

> It's been long enough that everyone should be patched for this awesome
> class of bugs. This certificate and corresponding private key should
> help people test fairly obscure software or software they've written
> themselves. I hope this release will help with confirmation of the bug
> and with regression testing. Feel free to use this certificate for
> anything relating to free software too. Consider it released into the
> public domain of interesting integers.

If anyone is curious about the impact of this on the Postfix TLS engine
(March 2006, version 2.3.0 and later releases):

1. Postfix checks subject domains obtained from either subjectAltName or CN
   to ensure that the ASN.1 string object length is equal to the C string
   length. Certificates that fail this test are considered anonymous. These
   checks were added in the Spring of 2005 when the contributed TLS patch
   adopted in the 2.2 release was significantly extended and revised.

2. Postfix only matches *.example.com certificates against single-label
   sub-domains of example.com. Thus for example, the Postini wild-card
   certificate for:

	*.psmtp.com

   does not match (say Verisign's), MX records of the form:

	verisign.com.      IN      MX      100 verisign.com.s6a1.psmtp.com.
	verisign.com.      IN      MX      200 verisign.com.s6a2.psmtp.com.
	verisign.com.      IN      MX      300 verisign.com.s6b1.psmtp.com.
	verisign.com.      IN      MX      400 verisign.com.s6b2.psmtp.com.

   (Postfix also does not, for "secure-channel" destinations, trust DNS
    enough to let MX records influence the name expected in a peer
    certificate. So Postini's wildcard certificate is perhaps only useful
    with other sending systems).

   So a "*" certificate will never match any peer domain.

Bottom line, this issue does not impact the Postfix secure-channel TLS
use case.

-- 
	Viktor.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list