Message278493
I'm considering lack of IDNA 2008 a security issue for applications that perform DNS lookups and X.509 cert validation. Applications may end up connecting to the wrong machine and even validate the cert correctly.
Wrong:
>>> import socket
>>> u'straße.de'.encode('idna')
'strasse.de'
>>> socket.gethostbyname(u'straße.de'.encode('idna'))
'72.52.4.119'
Correct:
>>> import idna
>>> idna.encode(u'straße.de')
'xn--strae-oqa.de'
>>> socket.gethostbyname(idna.encode(u'straße.de'))
'81.169.145.78'

Date | User | Action | Args
2016-10-11 14:52:46 | christian.heimes | set | recipients: + christian.heimes, loewis, r.david.murray, underrun, berker.peksag, era, marten
2016-10-11 14:52:46 | christian.heimes | set | messageid: <1476197566.37.0.459016304172.issue17305@psf.upfronthosting.co.za>
2016-10-11 14:52:46 | christian.heimes | link | issue17305 messages
2016-10-11 14:52:46 | christian.heimes | create |
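An added example, not part of the original message or of CPython: a pre-lookup guard that refuses hostnames containing the four characters UTS #46 lists as deviations between IDNA 2003 and IDNA 2008, using only the standard library (Python 3). The function names are hypothetical, and `encode_unmapped` is a bare Punycode of each label for comparison, not a full IDNA 2008 encoder.

```python
import unicodedata

# Code points UTS #46 classes as "deviation": IDNA 2003 maps or drops them,
# IDNA 2008 keeps them, so the two standards produce different A-labels.
DEVIATION_CHARS = frozenset("\u00df\u03c2\u200c\u200d")  # ß, ς, ZWNJ, ZWJ


def encode_idna2003(hostname):
    """A-label form from the built-in codec (IDNA 2003, Nameprep mapping)."""
    return hostname.encode("idna").decode("ascii")


def encode_unmapped(hostname):
    """Punycode each label without Nameprep mapping (hypothetical helper).

    Only NFC and lowercasing are applied; this is not a full IDNA 2008
    encoder (no validity, bidi or contextual-rule checks).
    """
    labels = []
    for label in unicodedata.normalize("NFC", hostname).lower().split("."):
        if label.isascii():
            labels.append(label)
        else:
            labels.append("xn--" + label.encode("punycode").decode("ascii"))
    return ".".join(labels)


def deviation_chars(hostname):
    """Return the deviation characters present, in sorted order."""
    return sorted(set(hostname) & DEVIATION_CHARS)


def check_hostname(hostname):
    """Return the A-label form, or raise ValueError if the two IDNA
    versions would send this name to different hosts."""
    found = deviation_chars(hostname)
    if found:
        names = ", ".join(unicodedata.name(c) for c in found)
        raise ValueError(
            f"{hostname!r} contains {names}: built-in codec gives "
            f"{encode_idna2003(hostname)!r}, unmapped form is "
            f"{encode_unmapped(hostname)!r}"
        )
    return encode_idna2003(hostname)
```

Call `check_hostname()` before the name reaches both the resolver and the certificate hostname check, so that a rejected name never gets looked up under its IDNA 2003 mapping.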