Become a fan of Slashdot on Facebook


Forgot your password?

Comment Re:Are CA's that stupid? (Score 1) 280

No, they're not that stupid.

But the standards around this aren't exactly models of clarity.

In general, *hostnames* must be characters. And DNS entries that point to websites should also conform to hostnames. But DNS strings can be *anything*. Yes, they can be arbitrary strings of bytes, as long as the top-level domain is valid. The null is legal. Keep in mind that the CA is signing a DNS entry, which may be used for something different than web security.

The problem, as actually stated in the summary, is in the clients. They think they have a character string - they don't. They have a byte buffer of a certain length, and the clients should not be using null-termination based software to process the buffer.

Slashdot Top Deals

I judge a religion as being good or bad based on whether its adherents become better people as a result of practicing it. - Joe Mullally, computer salesman