[cabfpub] Question about CN and SAN encoding

Tim Hollebeek tim.hollebeek at digicert.com
Thu May 24 09:04:52 MST 2018


That one, and the related ones Ryan mentioned.  It’s a fun one.  Thanks for digging it up.

-Tim

From: Corey Bonnell [mailto:CBonnell at trustwave.com] 
Sent: Thursday, May 24, 2018 10:58 AM
To: Tim Hollebeek <tim.hollebeek at digicert.com>; CA/Browser Forum Public Discussion List <public at cabforum.org>; Ryan Sleevi <sleevi at google.com>
Subject: Re: [cabfpub] Question about CN and SAN encoding

Hi Tim,

Are you referring to this bug that was discovered last year? https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7838

Thanks,

Corey Bonnell

Senior Software Engineer


From: Public <public-bounces at cabforum.org> on behalf of Tim Hollebeek via Public <public at cabforum.org>
Reply-To: Tim Hollebeek <tim.hollebeek at digicert.com>, CA/Browser Forum Public Discussion List <public at cabforum.org>
Date: Wednesday, May 23, 2018 at 1:57 PM
To: Ryan Sleevi <sleevi at google.com>
Cc: CA/Browser Forum Public Discussion List <public at cabforum.org>
Subject: Re: [cabfpub] Question about CN and SAN encoding

I agree.  The ballot is not affected at all (it wasn’t mentioned in the first two sentences).

I believe your first two sentences are correct with respect to current versions of major browsers, but need a small caveat w.r.t. older versions of Firefox.

Corey can correct me if I’m wrong, but I was thinking of the Firefox display bugs we stumbled on when he found some spoofing issues with respect to display of xn-- domain components in Firefox.  Older versions of Firefox (circa last year?) had some errors in their logic.

Like I said, they’re pretty minor, but worth noting.

-Tim

From: Ryan Sleevi [mailto:sleevi at google.com]
Sent: Wednesday, May 23, 2018 11:15 AM
To: Tim Hollebeek <tim.hollebeek at digicert.com>
Cc: CA/Browser Forum Public Discussion List <public at cabforum.org>; García Jimeno, Oscar <o-garcia at izenpe.eus>
Subject: Re: [cabfpub] Question about CN and SAN encoding

On Wed, May 23, 2018 at 11:06 AM, Tim Hollebeek <tim.hollebeek at digicert.com> wrote:

With regards to the first two sentences, Firefox had some bugs in this area pretty recently, so if you aren’t on the latest version, you might experience issues.  They were relatively minor, though.

Could you provide a citation for this? I actually carefully watch all of those changes, and am not aware of any recent bugs that would overlap with the ballot or question. It's possible that you're referring to the logic for when A-Label to U-Labels are displayed, but that, if anything, is a very clear argument in favor of Ballot 202, and against U-Labels within CNs.
