On 2016-10-11 17:47, Victor Stinner wrote: > Ah, I read recently an article about IDNA: Firefox uses IDNA 2008, > Chrome uses IDNA 2003. Depending on the browser, you may or may not > reach the domain https://ssz.fr/ :-) > > So at least, the issue is not specific to Python. > > Is it possible to support both IDNA versions at the same time by > default? Or both versions are exclusive? > > Article in french: > https://linuxfr.org/news/bilan-a-un-an-des-domaines-fr-d-une-et-deux-lettres#domaines-internationaux
Yes, Chrome uses a wrong IDNA version, as do other libraries. PyOpenSSL and cryptography are working around the bug by using the idna Python package. It's too bad that nobody has contributed the code back to Python core. We can have different IDNA variants by giving each one a distinct name, e.g. idna2003, idna2008 etc. MvL layed out a plan for IDNA support in ticket https://bugs.python.org/issue17305 1. Python should implement both IDNA2008 and UTS#46, and keep IDNA2003 2. "idna" should become an alias for "idna2003". 3. The socket module and all other place that use the "idna" encoding should use "uts46" instead. 4. Pre-existing implementations of IDNA 2008 should be used as inspirations at best; Python will need a new implementation from scratch, one that puts all relevant tables into the unicodedata module if they aren't there already. This is in particular where the idna 0.1 library fails. The implementation should refer to the relevant parts of the specification, to be easily reviewable for correctness. Christian _______________________________________________ Security-SIG mailing list Security-SIG@python.org https://mail.python.org/mailman/listinfo/security-sig
