[issue17305] IDNA2008 encoding missing

Christian Heimes Tue, 11 Oct 2016 07:53:03 -0700

Christian Heimes added the comment:

I'm considering lack of IDNA 2008 a security issue for applications that 
perform DNS lookups and X.509 cert validation. Applications may end up 
connecting to the wrong machine and even validate the cert correctly.


Wrong:

>>> import socket
>>> u'straße.de'.encode('idna')
'strasse.de'
>>> socket.gethostbyname(u'straße.de'.encode('idna'))
'72.52.4.119'

Correct:
>>> import idna
>>> idna.encode(u'straße.de')
'xn--strae-oqa.de'
>>> socket.gethostbyname(idna.encode(u'straße.de'))
'81.169.145.78'

----------
priority: high -> critical
type: enhancement -> security

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue17305>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue17305] IDNA2008 encoding missing

Reply via email to