SSL flaws revealed at Black Hat
Posted Aug 7, 2009 10:27 UTC (Fri) by intgr
Parent article: SSL flaws revealed at Black Hat
The CAs should also stop signing such certificates, and revoke those that they have already issued, but that, of course, doesn't stop anyone from self-signing a certificate with a NUL byte in the domain name.
But what do you gain from creating self-signed certificates with the null byte? It was always possible to forge a self-signed certificate for any domain, adding a null byte anywhere doesn't really help you. You can sign a certificate for www.paypal.com\0.thoughtcrime.org just like you can sign one for www.paypal.com.
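The name check behind this discussion, as an added example that is not part of the original comment or the parent article: it contrasts a hostname comparison that treats the certificate name as a C string with one that uses the decoded length and rejects embedded NUL bytes. The `cert_name` struct, the function names and the sample names are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>
#include <strings.h>

/* A certificate name as decoded from ASN.1: bytes plus explicit length. */
struct cert_name {
    const unsigned char *data;
    size_t len;
};

/* Truncating comparison: treats the name as a C string, so everything
 * after the first NUL byte is ignored. Kept to show the failure mode. */
int match_cstring(const struct cert_name *cn, const char *host)
{
    return strcasecmp((const char *)cn->data, host) == 0;
}

/* Length-aware comparison: reject any name containing a NUL byte, then
 * require the full decoded length to equal the hostname length. */
int match_strict(const struct cert_name *cn, const char *host)
{
    size_t hlen = strlen(host);

    if (memchr(cn->data, '\0', cn->len) != NULL)
        return 0;               /* embedded NUL: never a valid DNS name */
    if (cn->len != hlen)
        return 0;
    return strncasecmp((const char *)cn->data, host, hlen) == 0;
}

/* Constructed sample names (the first is the one from the comment). */
static const unsigned char NUL_NAME[] = "www.paypal.com\0.thoughtcrime.org";
static const unsigned char PLAIN_NAME[] = "www.paypal.com";

int main(void)
{
    struct cert_name evil = { NUL_NAME, sizeof(NUL_NAME) - 1 };
    struct cert_name good = { PLAIN_NAME, sizeof(PLAIN_NAME) - 1 };

    /* Exit status 0 when all four checks behave as described. */
    return !(match_cstring(&evil, "www.paypal.com") == 1 &&
             match_strict(&evil, "www.paypal.com") == 0 &&
             match_strict(&good, "www.paypal.com") == 1 &&
             match_strict(&evil, "thoughtcrime.org") == 0);
}
```

The same `memchr` test is what a CA would apply to a requested name before signing, and what a client applies regardless of who signed the certificate.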