Author christian.heimes
Recipients berker.peksag, christian.heimes, era, loewis, marten, r.david.murray, underrun
Date 2016-10-11.14:52:46
Message-id <1476197566.37.0.459016304172.issue17305@psf.upfronthosting.co.za>
Content
I'm considering lack of IDNA 2008 a security issue for applications that perform DNS lookups and X.509 cert validation. Applications may end up connecting to the wrong machine and even validate the cert correctly.

Wrong:

>>> import socket
>>> u'straße.de'.encode('idna')
'strasse.de'
>>> socket.gethostbyname(u'straße.de'.encode('idna'))
'72.52.4.119'

Correct:

>>> import idna
>>> idna.encode(u'straße.de')
'xn--strae-oqa.de'
>>> socket.gethostbyname(idna.encode(u'straße.de'))
'81.169.145.78'
History
Date                 User              Action  Args
2016-10-11 14:52:46  christian.heimes  set     recipients: + christian.heimes, loewis, r.david.murray, underrun, berker.peksag, era, marten
2016-10-11 14:52:46  christian.heimes  set     messageid: <1476197566.37.0.459016304172.issue17305@psf.upfronthosting.co.za>
2016-10-11 14:52:46  christian.heimes  link    issue17305 messages
2016-10-11 14:52:46  christian.heimes  create
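
A pre-connection check for the divergence shown in the message above, written for Python 3 with the standard library only. It is an added example, not part of the original message and not CPython code. It compares the name the built-in idna codec (IDNA 2003) hands to the resolver with the same name punycoded without nameprep mapping, and reports the UTS #46 deviation characters it finds. The helper names check_hostname, stdlib_alabel and raw_alabel are hypothetical, and raw_alabel is not a validating IDNA 2008 encoder; use the idna package from the message for real encoding.

```python
import unicodedata

# UTS #46 "deviation" characters: valid in IDNA 2008, but mapped or
# removed by the IDNA 2003 nameprep step used by the built-in codec.
DEVIATIONS = {
    "\u00df": "LATIN SMALL LETTER SHARP S (2003 maps it to 'ss')",
    "\u03c2": "GREEK SMALL LETTER FINAL SIGMA (2003 maps it to U+03C3)",
    "\u200c": "ZERO WIDTH NON-JOINER (2003 removes it)",
    "\u200d": "ZERO WIDTH JOINER (2003 removes it)",
}


def stdlib_alabel(hostname):
    """Name the built-in IDNA 2003 codec would put on the wire."""
    return hostname.encode("idna").decode("ascii")


def raw_alabel(hostname):
    """Punycode each non-ASCII label after NFC + lowercasing only.

    Assumption of this example: no nameprep mapping and no IDNA 2008
    validity checks are applied, so this only exposes the difference.
    """
    labels = unicodedata.normalize("NFC", hostname).lower().split(".")
    out = []
    for label in labels:
        if label.isascii():
            out.append(label)
        else:
            out.append("xn--" + label.encode("punycode").decode("ascii"))
    return ".".join(out)


def check_hostname(hostname):
    """Report whether the two encodings name different DNS hosts."""
    old, new = stdlib_alabel(hostname), raw_alabel(hostname)
    return {
        "deviations": sorted(c for c in set(hostname) if c in DEVIATIONS),
        "stdlib": old,
        "unmapped": new,
        "diverges": old != new,
    }


if __name__ == "__main__":
    # Constructed sample inputs; the first is the name from the message.
    for name in ("stra\u00dfe.de", "b\u00fccher.de", "example.com"):
        print(name, check_hostname(name))
```

A caller that sees "diverges": True should refuse to connect or resolve the name with an IDNA 2008 encoder, and should match the certificate against the same A-label it resolved.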