[Cryptography] Is it time for a revolution to replace TLS?

Wed Apr 16 17:28:51 EDT 2014

On Wed, Apr 16, 2014 at 01:19:09PM -0700, Judson Lester wrote:

> The example they present against X.509
> specifically has to do with the fact that DER allows for embedded
> nulls - and that C-related implementations don't properly handle that
> case.

It is not true that C "does "no handle" names with NUL bytes in
ASN.1 strings.  ASN.1 strings have a value *and* an explicit length,
which is all a C programmer needs to use them safely, the rest is
attention to detail.

The Postfix code for checking names in X.509 certificates checks
that any extra bytes after the first NUL in the ASN.1 string are
all also NUL (allowing at most NUL padding).

I could have published an advisory about potential NUL bytes in
X.509 peer names a year or two before the eventual public disclosure
by others, but the issue seemed to obvious to make a big fuss.  So
I just made sure the Postfix code was correct.

-- 
	Viktor.