gnutls_server_name_set and IDN

Simon Josefsson simon at josefsson.org
Thu Sep 24 08:56:46 CEST 2009


Daniel Black <daniel at cacert.org> writes:

> On Thursday 24 September 2009 01:59:05 you wrote:
>> Improved now, thanks, see:
>> 
>> http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=17edc60deccccfd93a1290e27f8643b68a6c2dda
>
> thank you. I'm assuming no mention of ACE because of reasons below.

Right.

>> > As the UTF-8/ ASCII error may be common is it beneficial to validate
>> > this input to check for >7F characters?
>> 
>> ....not being able to interop
>> against such a server just because of an input sanitation code seems
>> overkill.
> ack.
>
> I assume people are passing UTF-8 to the socket connect method and then
> passing the same string to gnutls_server_name_set (IP or not). Which reminds
> me I need to find an IP address or not method out of socket structures.

Yes.

>> > Its clarity also simplifies it to the point that there is no mention
>> > of IDNA as an appropriate mechanism to convert encodings to ASCII. Was
>> > this intentional?
>> 
>> Yes I think/hope so -- not mentioning IDNA specifically avoids
>> inheriting the problems associated with it: support of non-ASCII
>> hostnames then becomes entirely the IDNA specifications' problem.
>
> it totally leaves the implementer in the dark to find that spec though. I guess
> once it's approved, provide documentation on gnutls and see what happens.

Yes I think that is better.  IDNA has implications for all protocols
that use domain names, and referencing IDNA from everywhere does not
necessarily improve anything.

/Simon
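
The "IP or not" and ">7F" checks discussed in this thread, as an added example that is not part of the original message and not GnuTLS code. The enum and the function name classify_sni_name are hypothetical; the function only classifies the string, so the caller decides whether to call gnutls_server_name_set, convert the name first, or pass it through unchanged.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stddef.h>

/* Hypothetical classification used only by this example. */
enum sni_name_kind {
    SNI_NAME_EMPTY,      /* NULL or empty string: nothing to send */
    SNI_NAME_IP_LITERAL, /* IPv4/IPv6 literal: RFC 6066 does not permit
                            these as a server name */
    SNI_NAME_NON_ASCII,  /* contains a byte > 0x7F, e.g. raw UTF-8 */
    SNI_NAME_ASCII       /* 7-bit only, including "xn--" ACE labels */
};

/* Classify the string an application would hand to both connect-style
 * name resolution and gnutls_server_name_set(). */
enum sni_name_kind classify_sni_name(const char *name)
{
    unsigned char addr[sizeof(struct in6_addr)];
    const unsigned char *p;

    if (name == NULL || *name == '\0')
        return SNI_NAME_EMPTY;

    /* inet_pton() accepts only strict dotted-quad and IPv6 text forms;
     * a bracketed "[2001:db8::1]" is not recognised as an address. */
    if (inet_pton(AF_INET, name, addr) == 1 ||
        inet_pton(AF_INET6, name, addr) == 1)
        return SNI_NAME_IP_LITERAL;

    /* Scan as unsigned char so bytes above 0x7F are not seen as
     * negative values on platforms where char is signed. */
    for (p = (const unsigned char *)name; *p != '\0'; p++)
        if (*p > 0x7F)
            return SNI_NAME_NON_ASCII;

    return SNI_NAME_ASCII;
}
```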




