Ah, I read recently an article about IDNA: Firefox uses IDNA 2008, Chrome uses IDNA 2003. Depending on the browser, you may or may not reach the domain https://ssz.fr/ :-)
So at least, the issue is not specific to Python. Is it possible to support both IDNA versions at the same time by default? Or both versions are exclusive? Article in french: https://linuxfr.org/news/bilan-a-un-an-des-domaines-fr-d-une-et-deux-lettres#domaines-internationaux Victor 2016-10-11 17:41 GMT+02:00 Christian Heimes <christ...@python.org>: > Hi, > > Python has only IDNA 2003 support (international domain names). I'm > starting to consider Python's lack of IDNA 2008 support a security issue > for DNS lookups and for cert validation. Applications may connect to the > wrong IP address and validate the hostname, too. IDNA 2008 is mandatory > for German .de domains. See https://bugs.python.org/issue17305 > > Wrong: > >>>> import socket >>>> u'straße.de'.encode('idna') > 'strasse.de' >>>> socket.gethostbyname(u'straße.de'.encode('idna')) > '72.52.4.119' > > Correct: >>>> import idna >>>> idna.encode(u'straße.de') > 'xn--strae-oqa.de' >>>> socket.gethostbyname(idna.encode(u'straße.de')) > '81.169.145.78' > > I neither have time nor expertise to implement IDNA 2008. The ticket > 17305 is more than three years old, too. > > Christian > _______________________________________________ > Security-SIG mailing list > Security-SIG@python.org > https://mail.python.org/mailman/listinfo/security-sig _______________________________________________ Security-SIG mailing list Security-SIG@python.org https://mail.python.org/mailman/listinfo/security-sig
