gnutls_server_name_set and IDN
Simon Josefsson
simon at josefsson.org
Thu Sep 24 08:56:46 CEST 2009
Daniel Black <daniel at cacert.org> writes:
> On Thursday 24 September 2009 01:59:05 you wrote:
>> Improved now, thanks, see:
>>
>> http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=17edc60deccccfd93a1290e27f8643b68a6c2dda
>
> thank you. I'm assuming no mention of ACE because of reasons below.
Right.
>> > As the UTF-8/ ASCII error may be common is it beneficial to validate
>> > this input to check for >7F characters?
>>
>> ....not being able to interop
>> against such a server just because of an input sanitation code seems
>> overkill.
> ack.
>
> I assume people are passing UTF-8 to the socket connect method and then
> passing the same string to gnutls_server_name_set (IP or not). Which reminds
> me I need to find an IP address or not method out of socket structures.
Yes.
>> > Its clarity also simplifies it to the point that there is no mention
>> > of IDNA as an appropriate mechanism to convert encodings to ASCII. Was
>> > this intentional?
>>
>> Yes I think/hope so -- not mentioning IDNA specifically avoids
>> inheriting the problems associated with it: support of non-ASCII
>> hostnames then becomes entirely the IDNA specifications' problem.
>
> it totally leaves the implementer in the dark to find that spec though. I guess
> once it's approved, provide documentation on gnutls and see what happens.
Yes I think that is better. IDNA has implications for all protocols
that use domain names, and referencing IDNA from everywhere does not
necessarily improve anything.
/Simon
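
An added example, not part of this message or of GnuTLS: a caller-side helper in C that sorts a host string into the cases raised in the thread (IP literal, plain ASCII name, name with an ACE "xn--" label, or bytes above 0x7F) before the application decides what to pass to gnutls_server_name_set. The names classify_host, is_ace_prefix and enum host_kind are hypothetical, and the sample hostnames are constructed.

```c
#include <arpa/inet.h>
#include <stdio.h>

/* Hypothetical caller-side helper; not part of the GnuTLS API. */
enum host_kind {
    HOST_EMPTY,      /* nothing usable as a server name */
    HOST_IP_LITERAL, /* IPv4/IPv6 literal, not a DNS name */
    HOST_ASCII,      /* all bytes <= 0x7F, no ACE label */
    HOST_ACE,        /* all bytes <= 0x7F, has an "xn--" label */
    HOST_NON_ASCII   /* some byte > 0x7F, e.g. raw UTF-8 */
};

/* Case-insensitive "xn--" check; short-circuiting stops at the NUL. */
static int is_ace_prefix(const char *p)
{
    return (p[0] == 'x' || p[0] == 'X') && (p[1] == 'n' || p[1] == 'N')
        && p[2] == '-' && p[3] == '-';
}

enum host_kind classify_host(const char *host)
{
    unsigned char addr[16];          /* large enough for an IPv6 address */
    enum host_kind kind = HOST_ASCII;
    int label_start = 1;             /* true at the first byte of a label */
    if (host == NULL || *host == '\0')
        return HOST_EMPTY;
    /* inet_pton() only accepts strict numeric literals. */
    if (inet_pton(AF_INET, host, addr) == 1 ||
        inet_pton(AF_INET6, host, addr) == 1)
        return HOST_IP_LITERAL;
    for (const char *p = host; *p != '\0'; p++) {
        if ((unsigned char)*p > 0x7F)
            return HOST_NON_ASCII;
        if (label_start && is_ace_prefix(p))
            kind = HOST_ACE;
        label_start = (*p == '.');
    }
    return kind;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *s[] = { "192.0.2.1", "www.example.org",
                        "xn--bcher-kva.example", "b\xc3\xbc" "cher.example" };
    for (int i = 0; i < 4; i++)
        printf("%s -> %d\n", s[i], classify_host(s[i]));
    return 0;
}
```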