Ryan Sleevi via dev-security-policy <dev-security-policy@lists.mozilla.org> writes:
>In https://bugzilla.mozilla.org/show_bug.cgi?id=1593814 , Rob Stradling, >Jeremy Rowley, and I started discussing possible steps that might be taken to >prevent misencoding strings in certificates Is there any official position on strings that have completely invalid encodings like embedded NULL characters in them (presumably in memoriam of the Kaminsky/Marlinspike certificate-spoofing bug) as one of Microsoft's CA certificates among numerous others do? Peter. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy