Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror

Comment Re:Are CA's that stupid? (Score 1) 280

No, they're not that stupid.

But the standards around this aren't exactly models of clarity.

In general, *hostnames* must be characters. And DNS entries that point to websites should also conform to hostnames. But DNS strings can be *anything*. Yes, they can be arbitrary strings of bytes, as long as the top-level domain is valid. The null is legal. Keep in mind that the CA is signing a DNS entry, which may be used for something different than web security.

The problem, as actually stated in the summary, is in the clients. They think they have a character string - they don't. They have a byte buffer of a certain length, and the clients should not be using null-termination based software to process the buffer.

Slashdot Top Deals

Men love to wonder, and that is the seed of science.

Working...