oss-sec mailing list archives

Re: CVE Request: libesmtp does not check NULL bytes in commonName


From: Ludwig Nussel <ludwig.nussel () suse de>
Date: Thu, 11 Mar 2010 16:20:48 +0100

Brian Stafford wrote:
> [...]
> I find myself coming back to RFC 2818 being a reasonable choice since it
> is flexible and (almost) clear, and since HTTPS, as a major user of TLS,
> is, I assume, well analysed for security implications wrt certificate
> validation.

More fun:
https://bugzilla.mozilla.org/show_bug.cgi?id=159483

> Is it the case that for STARTTLS in SMTP what we are really interested
> in is encrypting the data on the wire and authentication is only of
> secondary importance?

Encryption without authentication makes you prone to MITM.

> Do we know what the best current practice is
> among CAs when it comes to issuing certificates for STARTTLS?

The most common implementation is to just allow the simple form
*.something so I'd assume that other patterns are rare in the wild.
The last commenter in the aforementioned Mozilla bug says that
*.*.appspot.com is actually used by Google though.

Anyways, the matching function in libesmtp certainly is good enough.
I was just surprised that wildcards at the right hand side are
allowed. What about the actual patch I sent though? :-)

cu
Ludwig

-- 
 (o_   Ludwig Nussel
 //\   
 V_/_  http://www.suse.de/
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
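
The two checks this thread is about, refusing a certificate name that contains a NUL byte and accepting only the simple `*.something` wildcard form, can be sketched as below. This is an added example, not libesmtp's code and not the patch mentioned above; the function name `cn_matches_host`, the sample names, and the two rules marked "assumed policy" are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Added example, not libesmtp code. cn/cn_len are the raw bytes and length
 * of the certificate's name string (not assumed NUL-terminated).
 * Returns 1 on match, 0 otherwise. */
int cn_matches_host(const char *cn, size_t cn_len, const char *host)
{
    /* An embedded NUL would make C string functions compare a shorter
     * name than the one the CA signed, so refuse the name outright. */
    if (cn_len == 0 || memchr(cn, '\0', cn_len) != NULL)
        return 0;

    /* Simple wildcard form only: '*' is the entire leftmost label. */
    if (cn_len > 2 && cn[0] == '*' && cn[1] == '.') {
        const char *suffix = cn + 1;        /* ".something" */
        size_t suffix_len = cn_len - 1;
        const char *dot = strchr(host, '.');

        /* Assumed policy: no second '*' (so "*.*.x" is refused). */
        if (memchr(suffix, '*', suffix_len) != NULL)
            return 0;
        /* Assumed policy: at least two labels after "*." ("*.com" refused). */
        if (memchr(suffix + 1, '.', suffix_len - 1) == NULL)
            return 0;
        /* '*' stands for exactly one non-empty label of the host name. */
        if (dot == NULL || dot == host || strlen(dot) != suffix_len)
            return 0;
        return strncasecmp(dot, suffix, suffix_len) == 0;
    }

    /* A '*' anywhere else (e.g. on the right-hand side) never matches. */
    if (memchr(cn, '*', cn_len) != NULL)
        return 0;
    return cn_len == strlen(host) && strncasecmp(cn, host, cn_len) == 0;
}

int main(void)
{
    /* Constructed sample: a name with a NUL byte embedded after the host. */
    static const char nul_cn[] = "mail.example.com\0.example.net";
    printf("%d\n", cn_matches_host(nul_cn, sizeof nul_cn - 1, "mail.example.com"));
    printf("%d\n", cn_matches_host("*.example.com", 13, "smtp.example.com"));
    return 0;
}
```

The caller has to pass the length reported by the ASN.1 string rather than `strlen()` of it, otherwise the NUL check can never fire.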

