Showing content from https://mail.python.org/pipermail/python-dev/2017-December/151521.html below:

[Python-Dev] [ssl] The weird case of IDNA

Christian Heimes christian at python.org
Sat Dec 30 08:35:35 EST 2017
On 2017-12-30 13:19, Skip Montanaro wrote:
> Guido wrote:
> 
>     This being a security issue I think it's okay to break 3.6. might
>     even backport to 3.5 if it's easy?
> 
> 
> Is it also a security issue with 2.x? If so, should a fix to 2.7 be
> contemplated?

IMO the IDNA encoding problem isn't a security issue per se. The ssl
module just cannot handle internationalized domain names at all. IDN
domains always fail to verify. Users may just be encouraged to disable
hostname verification.

On the other hand the use of IDNA 2003 and lack of IDNA 2008 support [1]
can be considered a security problem for German, Greek, Japanese,
Chinese and Korean domains [2]. I neither have resources nor expertise
to address the encoding issue.

Christian

[1] https://bugs.python.org/issue17305
[2] https://www.unicode.org/reports/tr46/#Transition_Considerations
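Added example, not part of the original message and not CPython's own code: an audit helper that flags hostnames for which the standard library's `idna` codec (IDNA 2003) and an IDNA 2008-style encoding produce different A-labels, using the UTS #46 deviation characters from [2]. The function names and sample hostnames are constructed for illustration, and `keep_deviations` is a simplified stand-in that performs no IDNA 2008 validity checks.

```python
import unicodedata

# The four UTS #46 "deviation" characters: valid under IDNA 2008, but
# mapped to other characters or deleted by IDNA 2003 processing.
DEVIATIONS = {
    "\u00df": "LATIN SMALL LETTER SHARP S",
    "\u03c2": "GREEK SMALL LETTER FINAL SIGMA",
    "\u200c": "ZERO WIDTH NON-JOINER",
    "\u200d": "ZERO WIDTH JOINER",
}


def idna2003(hostname):
    """A-label form produced by Python's built-in codec (IDNA 2003)."""
    return hostname.encode("idna").decode("ascii")


def keep_deviations(hostname):
    """Simplified IDNA 2008 stand-in (assumption): Punycode each label as
    written, without mapping deviation characters and without the IDNA 2008
    validity or contextual-rule checks a real implementation performs."""
    labels = unicodedata.normalize("NFC", hostname.lower()).split(".")
    out = []
    for label in labels:
        if label.isascii():
            out.append(label)
        else:
            out.append("xn--" + label.encode("punycode").decode("ascii"))
    return ".".join(out)


def audit(hostname):
    """Report whether the two encodings would name different hosts."""
    found = sorted(DEVIATIONS[c] for c in set(hostname) if c in DEVIATIONS)
    old, new = idna2003(hostname), keep_deviations(hostname)
    return {"host": hostname, "idna2003": old, "idna2008_style": new,
            "deviations": found, "ambiguous": old != new}


if __name__ == "__main__":
    # Constructed sample hostnames: sharp s, final sigma, u-umlaut, ASCII.
    samples = ["fa\u00df.de", "\u03b2\u03cc\u03bb\u03bf\u03c2.com",
               "b\u00fccher.de", "example.org"]
    for host in samples:
        print(audit(host))
```

A hostname reported as `ambiguous` is one where the name checked during certificate verification can differ from the name an IDNA 2008 client or registry resolves.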