On Wed, 2 Nov 2016, Simon Josefsson wrote:

Switching from IDNA2003 to IDNA2008 requires thought.  They are not
compatible, and IDNA2008 requires pre-processing (e.g., UTS #46 [1]) to
be usable in practice.  Libidn2 does not implement any pre-processing,
it is a pure IDNA2008 implementation.

[1] http://www.unicode.org/reports/tr46/

Thanks for this Simon. I wasn't aware.

Based on this, I suppose my recommendation is that people simply switch off IDN support in curl builds until further notice to stay safe. The old way was open for trickery and the new way is incomplete.

--

 / daniel.haxx.se
-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:  https://curl.haxx.se/mail/etiquette.html

Reply via email to