Hi,
Python has only IDNA 2003 support (international domain names). I'm
starting to consider Python's lack of IDNA 2008 support a security issue
for DNS lookups and for cert validation. Applications may connect to the
wrong IP address and validate the hostname, too. IDNA 2008 is mandatory
for German .de domains. See https://bugs.python.org/issue17305
Wrong:
>>> import socket
>>> u'straße.de'.encode('idna')
'strasse.de'
>>> socket.gethostbyname(u'straße.de'.encode('idna'))
'72.52.4.119'
Correct:
>>> import idna
>>> idna.encode(u'straße.de')
'xn--strae-oqa.de'
>>> socket.gethostbyname(idna.encode(u'straße.de'))
'81.169.145.78'
I neither have time nor expertise to implement IDNA 2008. The ticket
17305 is more than three years old, too.
Christian
_______________________________________________
Security-SIG mailing list
Security-SIG@python.org
https://mail.python.org/mailman/listinfo/security-sig
