Re: [Python-Dev] [ssl] The weird case of IDNA

2018-01-02 Thread Ronald Oussoren
> On 31 Dec 2017, at 18:07, Nathaniel Smith wrote: > > On Dec 31, 2017 7:37 AM, "Stephen J. Turnbull" > > wrote: > Nathaniel Smith writes: > > > Issue 1: Python's built-in IDNA implementation

Re: [Python-Dev] [ssl] The weird case of IDNA

2017-12-31 Thread Steven D'Aprano
On Sun, Dec 31, 2017 at 05:51:47PM -0800, Nathaniel Smith wrote: > On Sun, Dec 31, 2017 at 5:39 PM, Steven D'Aprano wrote: > > On Sun, Dec 31, 2017 at 09:07:01AM -0800, Nathaniel Smith wrote: > > > >> This is another reason why we ought to let users do their own IDNA handling

Re: [Python-Dev] [ssl] The weird case of IDNA

2017-12-31 Thread Chris Angelico
On Mon, Jan 1, 2018 at 12:39 PM, Steven D'Aprano wrote: > On Sun, Dec 31, 2017 at 09:07:01AM -0800, Nathaniel Smith wrote: > >> This is another reason why we ought to let users do their own IDNA handling >> if they want... > > I expect that letting users do their own IDNA

Re: [Python-Dev] [ssl] The weird case of IDNA

2017-12-31 Thread Nathaniel Smith
On Sun, Dec 31, 2017 at 5:39 PM, Steven D'Aprano wrote: > On Sun, Dec 31, 2017 at 09:07:01AM -0800, Nathaniel Smith wrote: > >> This is another reason why we ought to let users do their own IDNA handling >> if they want... > > I expect that letting users do their own IDNA

Re: [Python-Dev] [ssl] The weird case of IDNA

2017-12-31 Thread Steven D'Aprano
On Sun, Dec 31, 2017 at 09:07:01AM -0800, Nathaniel Smith wrote:
> This is another reason why we ought to let users do their own IDNA handling
> if they want...

I expect that letting users do their own IDNA handling will correspond to not doing any IDNA handling at all.

-- Steve

Re: [Python-Dev] [ssl] The weird case of IDNA

2017-12-31 Thread Nathaniel Smith
On Dec 31, 2017 7:37 AM, "Stephen J. Turnbull" < turnbull.stephen...@u.tsukuba.ac.jp> wrote: Nathaniel Smith writes: > Issue 1: Python's built-in IDNA implementation is wrong (implements > IDNA 2003, not IDNA 2008). Is "wrong" the right word here? I'll grant you that 2008 is *better*, but

Re: [Python-Dev] [ssl] The weird case of IDNA

2017-12-31 Thread Stephen J. Turnbull
Nathaniel Smith writes: > Issue 1: Python's built-in IDNA implementation is wrong (implements > IDNA 2003, not IDNA 2008). Is "wrong" the right word here? I'll grant you that 2008 is *better*, but typically in practice versions coexist for years. Ie, is there no backward compatibility issue

Re: [Python-Dev] [ssl] The weird case of IDNA

2017-12-31 Thread Antoine Pitrou
On Sat, 30 Dec 2017 23:27:04 -0800 Nathaniel Smith wrote: > > We can bikeshed what the new name should be. Maybe set_sni_callback? > or set_server_hostname_callback, since the corresponding client-mode > argument is server_hostname? Or set_idna_servername_callback(). Regards

Re: [Python-Dev] [ssl] The weird case of IDNA

2017-12-30 Thread Nathaniel Smith
On Sat, Dec 30, 2017 at 2:28 AM, Antoine Pitrou wrote: > On Fri, 29 Dec 2017 21:54:46 +0100 > Christian Heimes wrote: >> >> On the other hand ssl module is currently completely broken. It converts >> hostnames from bytes to text with 'idna' codec in

Re: [Python-Dev] [ssl] The weird case of IDNA

2017-12-30 Thread Nathaniel Smith
On Sat, Dec 30, 2017 at 7:26 AM, Stephen J. Turnbull wrote: > Christian Heimes writes: > > Questions: > > - Is everybody OK with breaking backwards compatibility? The risk is > > small. ASCII-only domains are not affected > > That's not quite true, as your

[Python-Dev] [ssl] The weird case of IDNA

2017-12-30 Thread Stephen J. Turnbull
Christian Heimes writes: > tl;dr > This mail is about internationalized domain names and TLS/SSL. It > doesn't concern you if you live in ASCII-land. Me and a couple of other > developers like to change the ssl module in a backwards-incompatible way > to fix IDN support for TLS/SSL. Yes

Re: [Python-Dev] [ssl] The weird case of IDNA

2017-12-30 Thread Andrew Svetlov
ssl.match_hostname was added in Python 2.7.9, looks like Python 2 should be fixed as well. On Sat, Dec 30, 2017 at 3:50 PM Antoine Pitrou wrote: > > Thanks. So the change sounds ok to me. > > Regards > > Antoine. > > > On Sat, 30 Dec 2017 14:34:04 +0100 > Christian Heimes

Re: [Python-Dev] [ssl] The weird case of IDNA

2017-12-30 Thread Antoine Pitrou
Thanks. So the change sounds ok to me. Regards Antoine. On Sat, 30 Dec 2017 14:34:04 +0100 Christian Heimes wrote: > On 2017-12-30 11:28, Antoine Pitrou wrote: > > On Fri, 29 Dec 2017 21:54:46 +0100 > > Christian Heimes wrote: > >> > >> On the

Re: [Python-Dev] [ssl] The weird case of IDNA

2017-12-30 Thread Christian Heimes
On 2017-12-30 13:19, Skip Montanaro wrote: > Guido wrote: > > This being a security issue I think it's okay to break 3.6. might > even backport to 3.5 if it's easy? > > > Is it also a security issue with 2.x? If so, should a fix to 2.7 be > contemplated? IMO the IDNA encoding problem

Re: [Python-Dev] [ssl] The weird case of IDNA

2017-12-30 Thread Christian Heimes
On 2017-12-30 11:28, Antoine Pitrou wrote: > On Fri, 29 Dec 2017 21:54:46 +0100 > Christian Heimes wrote: >> >> On the other hand ssl module is currently completely broken. It converts >> hostnames from bytes to text with 'idna' codec in some places, but not >> in all. The

Re: [Python-Dev] [ssl] The weird case of IDNA

2017-12-30 Thread Skip Montanaro
Guido wrote:
> This being a security issue I think it's okay to break 3.6. might even backport to 3.5 if it's easy?

Is it also a security issue with 2.x? If so, should a fix to 2.7 be contemplated?

Skip

Re: [Python-Dev] [ssl] The weird case of IDNA

2017-12-30 Thread Antoine Pitrou
On Fri, 29 Dec 2017 21:54:46 +0100 Christian Heimes wrote: > > On the other hand ssl module is currently completely broken. It converts > hostnames from bytes to text with 'idna' codec in some places, but not > in all. The SSLSocket.server_hostname attribute and callback

Re: [Python-Dev] [ssl] The weird case of IDNA

2017-12-29 Thread Guido van Rossum
This being a security issue I think it's okay to break 3.6. might even backport to 3.5 if it's easy? On Dec 29, 2017 1:59 PM, "Christian Heimes" wrote: > Hi, > > tl;dr > This mail is about internationalized domain names and TLS/SSL. It > doesn't concern you if you live in

[Python-Dev] [ssl] The weird case of IDNA

2017-12-29 Thread Christian Heimes
Hi, tl;dr This mail is about internationalized domain names and TLS/SSL. It doesn't concern you if you live in ASCII-land. Me and a couple of other developers like to change the ssl module in a backwards-incompatible way to fix IDN support for TLS/SSL. Simply speaking the IDNA standards