Some Certificate Authorities sign certificates that contain embedded NUL characters in the Common Name or subjectAltName fields of ITU-T X.509 certificates. Applications that would treat such X.509 strings as NUL-terminated C strings (rather than strings that contain an explicit length field) would only check the part up to and excluding the NUL character, so that certificate names such as www.good.example