This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author christian.heimes
Recipients Arfrever, christian.heimes, pitrou
Date 2013-05-18.14:35:43
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
It's called "internationalized domain name for APPLICATIONS". ;) It's up to the application to interpret the ASCII text as IDNA encoded FQDNs. As far as I know DNS, SSL's CNAME and OS interfaces etc. always use ASCII labels. It's an elegant solution. Just the UI part of an application needs to understand IDNA.

   If the DNS domain name portion of a reference identifier is an
   internationalized domain name, then an implementation MUST convert
   any U-labels [IDNA-DEFS] in the domain name to A-labels before
   checking the domain name.  In accordance with [IDNA-PROTO], A-labels
   MUST be compared as case-insensitive ASCII.  Each label MUST match in
   order for the domain names to be considered to match, except as
   supplemented by the rule about checking of wildcard labels
   (Section 6.4.3; but see also Section 7.2 regarding wildcards in
   internationalized domain names).

Coincidentally the same RFC contains matching rules for wild card certs

   If a client matches the reference identifier against a presented
   identifier whose DNS domain name portion contains the wildcard
   character '*', the following rules apply:

   1.  The client SHOULD NOT attempt to match a presented identifier in
       which the wildcard character comprises a label other than the
       left-most label (e.g., do not match bar.*

   2.  If the wildcard character is the only character of the left-most
       label in the presented identifier, the client SHOULD NOT compare
       against anything but the left-most label of the reference
       identifier (e.g., * would match but
       not or

   3.  The client MAY match a presented identifier in which the wildcard
       character is not the only character of the label (e.g.,
       baz* and * and b* would
       be taken to match and and, respectively).  However, the client SHOULD NOT
       attempt to match a presented identifier where the wildcard
       character is embedded within an A-label or U-label [IDNA-DEFS] of
       an internationalized domain name [IDNA-PROTO].
Date User Action Args
2013-05-18 14:35:44christian.heimessetrecipients: + christian.heimes, pitrou, Arfrever
2013-05-18 14:35:44christian.heimessetmessageid: <>
2013-05-18 14:35:44christian.heimeslinkissue17997 messages
2013-05-18 14:35:43christian.heimescreate