Are X.509 parsers supposed to check that the input is valid DER (as opposed to BER)? I haven't been able to find any implementation that does this. cc @BRIAN_____
Replying to @JethroGB
Both mozilla::pkix (C++) and webpki (Rust) do (try to), though they allow some exceptions (especially mozilla::pkix) for compatibility with existing certificates.
Replying to @BRIAN_____
I checked the source of webpki and it doesn't look like it checks set ordering. I'll take another look at pkix.
Replying to @JethroGB @BRIAN_____
Well I guess webpki never parses distinguished names so maybe it doesn't need to.
Replying to @JethroGB
Also, people are working on a DN parser for webpki. What's the (security) advantage to validating set ordering? Does it allow the user of the library to make any useful (effort-saving or otherwise) assumptions?
Replying to @BRIAN_____
Technically, if you accept BER, a DN comparison (e.g. for chain building) is not just a simple memcmp.
Replying to @JethroGB @BRIAN_____
If you follow the full spec, a DN comparison is not a simple memcmp even if in DER. RFC 5280: "Conforming implementations MUST use the LDAP StringPrep profile as the basis for comparison of distinguished name attributes"
Really there's not much reason any more for a certificate authority to issue certificates where the subject/issuer names do not match byte-for-byte. StringPrep and character encoding conversion are overly complicated, thus leading to security bugs. memcmp's simplicity wins here.
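The set-ordering check the thread is about, as an added example that is not code from webpki, mozilla::pkix or any participant: a minimal TLV reader that rejects BER-only length forms and verifies that a SET's members appear in DER canonical order (X.690 11.6). The RDN {C=US, O=Example} is a constructed sample; its two member orderings decode to the same name yet differ bytewise, which is why a memcmp-based DN comparison only works once DER ordering is enforced.

```python
def read_tlv(buf: bytes, pos: int):
    """Parse one TLV at buf[pos:]; returns (tag, value, end). DER lengths only."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:                       # short form
        length, hdr = first, 2
    else:                                  # long form: 0x80 | number of length octets
        n = first & 0x7F
        if n == 0 or n > 4:
            raise ValueError("indefinite or oversized length: not DER")
        length, hdr = int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), 2 + n
        if length < 0x80 or (n > 1 and length < 1 << (8 * (n - 1))):
            raise ValueError("non-minimal length encoding: not DER")
    end = pos + hdr + length
    if end > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos + hdr:end], end

def set_members(set_tlv: bytes) -> list:
    """Return the complete encoding of each member of a SET / SET OF (tag 0x31)."""
    tag, value, end = read_tlv(set_tlv, 0)
    if tag != 0x31 or end != len(set_tlv):
        raise ValueError("expected exactly one SET")
    members, pos = [], 0
    while pos < len(value):
        _, _, nxt = read_tlv(value, pos)
        members.append(value[pos:nxt])
        pos = nxt
    return members

def is_der_set(set_tlv: bytes) -> bool:
    """X.690 11.6: members ascend as octet strings, shorter ones padded with 0x00."""
    try:
        members = set_members(set_tlv)
    except (ValueError, IndexError):
        return False
    width = max((len(m) for m in members), default=0)
    keys = [m.ljust(width, b"\x00") for m in members]
    return all(a <= b for a, b in zip(keys, keys[1:]))

# Constructed sample: the RDN {C=US, O=Example} as two AttributeTypeAndValue SEQUENCEs.
ATTR_C = bytes.fromhex("3009 0603550406 13025553")            # C=US (PrintableString)
ATTR_O = bytes.fromhex("300e 060355040a 0c074578616d706c65")  # O=Example (UTF8String)

def wrap_set(*members: bytes) -> bytes:
    body = b"".join(members)
    return bytes([0x31, len(body)]) + body                     # short-form length only

RDN_DER = wrap_set(ATTR_C, ATTR_O)  # 30 09 ... sorts before 30 0e ...: canonical DER
RDN_BER = wrap_set(ATTR_O, ATTR_C)  # same name, members swapped: legal BER, not DER
```

Feeding `RDN_BER` through a parser that accepts it would leave two byte-different encodings of one issuer name in play, so a strict DER gate is what makes the byte-for-byte comparison in the last tweet sound.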