From debbugs-submit-bounces@debbugs.gnu.org Sun Apr 23 23:13:57 2017 Received: (at submit) by debbugs.gnu.org; 24 Apr 2017 03:13:57 +0000 Received: from localhost ([127.0.0.1]:36990 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1d2URl-0003fC-OK for submit@debbugs.gnu.org; Sun, 23 Apr 2017 23:13:57 -0400 Received: from eggs.gnu.org ([208.118.235.92]:52141) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1d2URk-0003f0-AP for submit@debbugs.gnu.org; Sun, 23 Apr 2017 23:13:52 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1d2URe-0008Fz-0J for submit@debbugs.gnu.org; Sun, 23 Apr 2017 23:13:47 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50 autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:54678) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1d2URd-0008Fv-Sv for submit@debbugs.gnu.org; Sun, 23 Apr 2017 23:13:45 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:43110) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1d2URc-0001zB-SC for bug-gnu-emacs@gnu.org; Sun, 23 Apr 2017 23:13:45 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1d2URZ-0008Ek-LX for bug-gnu-emacs@gnu.org; Sun, 23 Apr 2017 23:13:44 -0400 Received: from hermes.netfonds.no ([80.91.224.195]:59530) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1d2URZ-0008Cr-FA for bug-gnu-emacs@gnu.org; Sun, 23 Apr 2017 23:13:41 -0400 Received: from cm-84.213.17.174.getinternet.no ([84.213.17.174] helo=stories) by hermes.netfonds.no with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84_2) (envelope-from ) id 1d2URM-0000tp-Dl for bug-gnu-emacs@gnu.org; Mon, 24 Apr 2017 05:13:30 +0200 From: Lars Ingebrigtsen To: bug-gnu-emacs@gnu.org Subject: 26.0.50; The network security manager doesn't understand IDNA domains Date: Mon, 24 Apr 2017 05:13:28 +0200 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -5.0 (-----) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) If you type `M-x eww RET https://=D0=B0=D1=80=D1=80=D3=8F=D0=B5.com RET', t= he NSM will then say: "certificate host doesn't match hostname" That's an IDNA domain that expands to https://www.xn--80ak6aa92e.com/, which does have a valid certificate, so this is a bug. If instead say `M-x eww RET https://www.xn--80ak6aa92e.com/ RET' you get no warnings. In GNU Emacs 26.0.50 (build 2, x86_64-pc-linux-gnu, GTK+ Version 3.14.5) of 2017-04-13 built on stories Repository revision: 4e77ff0d45b88cade7836c01344cd8d892adfde8 Windowing system distributor 'The X.Org Foundation', version 11.0.11604000 System Description: Debian GNU/Linux 8.7 (jessie) --=20 (domestic pets only, the antidote for overdose, milk.) bloggy blog: http://lars.ingebrigtsen.no From debbugs-submit-bounces@debbugs.gnu.org Fri Apr 13 09:18:58 2018 Received: (at 26634) by debbugs.gnu.org; 13 Apr 2018 13:18:58 +0000 Received: from localhost ([127.0.0.1]:49278 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1f6ybN-00042Y-KQ for submit@debbugs.gnu.org; Fri, 13 Apr 2018 09:18:58 -0400 Received: from hermes.netfonds.no ([80.91.224.195]:51415) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1f6ybH-00042L-JP for 26634@debbugs.gnu.org; Fri, 13 Apr 2018 09:18:51 -0400 Received: from 46.67.12.60.tmi.telenormobil.no ([46.67.12.60] helo=corrigan) by hermes.netfonds.no with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1f6ybB-00042l-4q for 26634@debbugs.gnu.org; Fri, 13 Apr 2018 15:18:46 +0200 Received: from larsi by corrigan with local (Exim 4.89) (envelope-from ) id 1f6yb5-0000Fo-9b for 26634@debbugs.gnu.org; Fri, 13 Apr 2018 15:18:35 +0200 From: Lars Ingebrigtsen To: 26634@debbugs.gnu.org Subject: Re: bug#26634: 26.0.50; The network security manager doesn't understand IDNA domains References: Date: Fri, 13 Apr 2018 15:18:35 +0200 In-Reply-To: (Lars Ingebrigtsen's message of "Mon, 24 Apr 2017 05:13:28 +0200") Message-ID: <8736zz8ct0.fsf@mouse.gnus.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 26634 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Lars Ingebrigtsen writes: > If you type `M-x eww RET https://=D0=B0=D1=80=D1=80=D3=8F=D0=B5.com RET',= the NSM will then say: > > "certificate host doesn't match hostname" Hm... Now Emacs refuses to load that URL completely... --=20 (domestic pets only, the antidote for overdose, milk.) bloggy blog: http://lars.ingebrigtsen.no From debbugs-submit-bounces@debbugs.gnu.org Fri Apr 13 10:44:26 2018 Received: (at 26634) by debbugs.gnu.org; 13 Apr 2018 14:44:26 +0000 Received: from localhost ([127.0.0.1]:50678 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1f6zw7-0006MZ-0S for submit@debbugs.gnu.org; Fri, 13 Apr 2018 10:44:26 -0400 Received: from hermes.netfonds.no ([80.91.224.195]:53242) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1f6zw1-0006ML-Ej for 26634@debbugs.gnu.org; Fri, 13 Apr 2018 10:44:21 -0400 Received: from 46.67.12.60.tmi.telenormobil.no ([46.67.12.60] helo=corrigan) by hermes.netfonds.no with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1f6zvv-0006Sl-El for 26634@debbugs.gnu.org; Fri, 13 Apr 2018 16:44:15 +0200 Received: from larsi by corrigan with local (Exim 4.89) (envelope-from ) id 1f6zvp-0000w2-Js for 26634@debbugs.gnu.org; Fri, 13 Apr 2018 16:44:05 +0200 From: Lars Ingebrigtsen To: 26634@debbugs.gnu.org Subject: Re: bug#26634: 26.0.50; The network security manager doesn't understand IDNA domains References: <8736zz8ct0.fsf@mouse.gnus.org> Date: Fri, 13 Apr 2018 16:44:05 +0200 In-Reply-To: <8736zz8ct0.fsf@mouse.gnus.org> (Lars Ingebrigtsen's message of "Fri, 13 Apr 2018 15:18:35 +0200") Message-ID: <87sh7zgo96.fsf@mouse.gnus.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 26634 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Lars Ingebrigtsen writes: > Lars Ingebrigtsen writes: > >> If you type `M-x eww RET https://=D0=B0=D1=80=D1=80=D3=8F=D0=B5.com RET'= , the NSM will then say: >> >> "certificate host doesn't match hostname" > > Hm... Now Emacs refuses to load that URL completely... OK; I've now fixed recent breakages so that we can access https://=D0=B0=D1=80=D1=80=D3=8F=D0=B5.com again. Now the question is... what do we do about this in the network security manager. If you go to that domain in Firefox, for instance, it won't say that there's anything wrong with it... because it isn't. It's a totally normal domain name consisting of ASCII characters and a CYRILLIC SMALL LETTER PALOCHKA instead of the L. `puny-highly-restrictive-domain-p' is not triggered for the domain, so eww doesn't signal anything wrong with it, either. So... Do we say "fine, this is all fine" or do we ... do something? :-) Opinions welcome. --=20 (domestic pets only, the antidote for overdose, milk.) bloggy blog: http://lars.ingebrigtsen.no From debbugs-submit-bounces@debbugs.gnu.org Fri Apr 13 11:03:54 2018 Received: (at 26634) by debbugs.gnu.org; 13 Apr 2018 15:03:54 +0000 Received: from localhost ([127.0.0.1]:50711 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1f70Ew-0006sF-QI for submit@debbugs.gnu.org; Fri, 13 Apr 2018 11:03:54 -0400 Received: from mail-wr0-f175.google.com ([209.85.128.175]:33680) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1f70Er-0006ry-KB for 26634@debbugs.gnu.org; Fri, 13 Apr 2018 11:03:49 -0400 Received: by mail-wr0-f175.google.com with SMTP id z73so8945106wrb.0 for <26634@debbugs.gnu.org>; Fri, 13 Apr 2018 08:03:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:references:mail-copies-to:gmane-reply-to-list :date:in-reply-to:message-id:mime-version:content-transfer-encoding; bh=8DZ7HRBmQf/sSfb/HUGGnpTScyM1SZAME/vvc1IK+Uw=; b=f2NjNHl7s8Av055+QBYpJmy/qylQW85UwraV+9+U83uMZ6ZCYrzZ05gbZJWh6LZP9F iifTgKwxJsKjPEeM1nZVRZOlgGYBIExL8uc6qQOf+QzsVzXoCAcBIvKKRY86TcgdSSk8 A12fl+pHWnFIQ/5jaTGJ+m9I2hO5LQIoBf5DCjW83bCxPI08OBlj9kyfAcTRsY9dzvUN 9MRIUwQQtRVyY/XdCOHw/EXMY2005yKB4A5ARqPblly+6LbtgYayZnEP1VpduNTEdFK8 GcG5x4mR/GFK88R5BAeiVMcYtE0fxcyuucynQH7IukVUTRA/9Q8gPmvh13nNGZdTvUvU tEgg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:references:mail-copies-to :gmane-reply-to-list:date:in-reply-to:message-id:mime-version :content-transfer-encoding; bh=8DZ7HRBmQf/sSfb/HUGGnpTScyM1SZAME/vvc1IK+Uw=; b=AaKFQloTmSfXwELGOmcQfb9xZmx9/VLM/U4FApaThV2kSXATVd9tEgn8O1J8GJHdfl 7hGET2r3i/fUe1Nfv99CNcVsBRYJDKPbGmeA1LXMAw1gy7QZCMVd5rA62agcT9Vis/zA h34nKO+DiTc4FKJIzcTZSoCL9VgjCLMubV5wILk1hp3hMIqXrGMali8PDYca/DuiYuof v9KOiOddhmCT7xFwx6X9gBFkUkYKk9TULd4iwWDOU9Zxtviu+Fut72UvQW0bliQKpSE4 HwxJT5b0aP1vh5MwSGL3qnKMXwZXqMqIjO3WkIzdw0mcxySDXrd4pt8P86VEmxq+kZzU Rpzg== X-Gm-Message-State: ALQs6tAYdDGNHG4/B/kIcFRn2PnQXZiTobMPvyKpaFhNwhqMm7KtU1YG ydYWrutz9yMeBMjs0VpJ9PQhNq61IaU= X-Google-Smtp-Source: AIpwx49bUMnC/ZDkIaYlWZgkhd5QUi69FGKlEWnNOMGBIAD5sytcBRbRphC74NuIlEcDOE1OXTKEKg== X-Received: by 10.28.20.140 with SMTP id 134mr3705558wmu.87.1523631819520; Fri, 13 Apr 2018 08:03:39 -0700 (PDT) Received: from rpluim-ubuntu ([149.5.228.1]) by smtp.gmail.com with ESMTPSA id 55sm12201710wrw.52.2018.04.13.08.03.38 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 13 Apr 2018 08:03:38 -0700 (PDT) From: Robert Pluim To: Lars Ingebrigtsen Subject: Re: bug#26634: 26.0.50; The network security manager doesn't understand IDNA domains References: <8736zz8ct0.fsf@mouse.gnus.org> <87sh7zgo96.fsf@mouse.gnus.org> X-Debbugs-No-Ack: yes Mail-Copies-To: never Gmane-Reply-To-List: yes Date: Fri, 13 Apr 2018 17:03:37 +0200 In-Reply-To: <87sh7zgo96.fsf@mouse.gnus.org> (Lars Ingebrigtsen's message of "Fri, 13 Apr 2018 16:44:05 +0200") Message-ID: <874lkfm9me.fsf@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 26634 Cc: 26634@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Lars Ingebrigtsen writes: > Lars Ingebrigtsen writes: > >> Lars Ingebrigtsen writes: >> >>> If you type `M-x eww RET https://=D0=B0=D1=80=D1=80=D3=8F=D0=B5.com RET= ', the NSM will then say: >>> >>> "certificate host doesn't match hostname" >> >> Hm... Now Emacs refuses to load that URL completely... > > OK; I've now fixed recent breakages so that we can access > https://=D0=B0=D1=80=D1=80=D3=8F=D0=B5.com again. > > Now the question is... what do we do about this in the network security > manager. > > If you go to that domain in Firefox, for instance, it won't say that > there's anything wrong with it... because it isn't. It's a totally > normal domain name consisting of ASCII characters and a CYRILLIC SMALL > LETTER PALOCHKA instead of the L. > That=CA=BCs not what you have there. The first component of your FQDN is 100% cyrillic. Did you mean ? (FWIW, chrome is supposed to detect the 100% cyrillic case, but doesn=CA=BCt as far as I can tell) > `puny-highly-restrictive-domain-p' is not triggered for the domain, so > eww doesn't signal anything wrong with it, either. > > So... Do we say "fine, this is all fine" or do we ... do something? > :-) Opinions welcome. In emacs-26, when I try eww on https://app=D3=8Fe.com, I get Loading https://xn--appe-xre.com/... which is already an indication that something fishy is going on. Robert From debbugs-submit-bounces@debbugs.gnu.org Fri Apr 13 11:20:15 2018 Received: (at 26634) by debbugs.gnu.org; 13 Apr 2018 15:20:15 +0000 Received: from localhost ([127.0.0.1]:50748 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1f70Ui-0000o5-3x for submit@debbugs.gnu.org; Fri, 13 Apr 2018 11:20:15 -0400 Received: from hermes.netfonds.no ([80.91.224.195]:53701) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1f70Ue-0000nu-9M for 26634@debbugs.gnu.org; Fri, 13 Apr 2018 11:20:07 -0400 Received: from 46.67.12.60.tmi.telenormobil.no ([46.67.12.60] helo=corrigan) by hermes.netfonds.no with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1f70UY-0004aJ-99 for 26634@debbugs.gnu.org; Fri, 13 Apr 2018 17:20:03 +0200 Received: from larsi by corrigan with local (Exim 4.89) (envelope-from ) id 1f70US-0001I2-3p for 26634@debbugs.gnu.org; Fri, 13 Apr 2018 17:19:52 +0200 From: Lars Ingebrigtsen To: 26634@debbugs.gnu.org Subject: Re: bug#26634: 26.0.50; The network security manager doesn't understand IDNA domains References: <8736zz8ct0.fsf@mouse.gnus.org> <87sh7zgo96.fsf@mouse.gnus.org> <874lkfm9me.fsf@gmail.com> Date: Fri, 13 Apr 2018 17:19:51 +0200 In-Reply-To: <874lkfm9me.fsf@gmail.com> (Robert Pluim's message of "Fri, 13 Apr 2018 17:03:37 +0200") Message-ID: <87lgdrw2ug.fsf@mouse.gnus.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 26634 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Robert Pluim writes: > That=CA=BCs not what you have there. The first component of your FQDN is > 100% cyrillic. My FQDM? "gnus.org"? That's not very cyrillic. :-) > Did you mean ? No, I meant https://=D0=B0=D1=80=D1=80=D3=8F=D0=B5.com which is a totally d= ifferent domain. :-) Hm... Oh, that's the 100% cyrillic one. :-) This is so confusing. So eww definitely does the right thing with the mixed-script =D0=B0=D1=80= =D1=80=D3=8F=D0=B5.com, and I guess there's nothing to be done with the 100%-cyrillic case... > (FWIW, chrome is supposed to detect the 100% cyrillic case, but > doesn=CA=BCt as far as I can tell) What does Chrome do with that URL? Oh, I've got Chromium here, so I can just test... It displays https://xn--80ak6aa92e.com/ in the address bar. Which is... I guess... a choice. --=20 (domestic pets only, the antidote for overdose, milk.) bloggy blog: http://lars.ingebrigtsen.no From debbugs-submit-bounces@debbugs.gnu.org Fri Apr 13 11:38:26 2018 Received: (at 26634) by debbugs.gnu.org; 13 Apr 2018 15:38:27 +0000 Received: from localhost ([127.0.0.1]:50780 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1f70mM-0001Fz-Ft for submit@debbugs.gnu.org; Fri, 13 Apr 2018 11:38:26 -0400 Received: from mail-wr0-f181.google.com ([209.85.128.181]:41002) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1f70mI-0001Fk-76 for 26634@debbugs.gnu.org; Fri, 13 Apr 2018 11:38:21 -0400 Received: by mail-wr0-f181.google.com with SMTP id s12so9210682wrc.8 for <26634@debbugs.gnu.org>; Fri, 13 Apr 2018 08:38:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:references:mail-copies-to:gmane-reply-to-list :date:in-reply-to:message-id:mime-version:content-transfer-encoding; bh=Edbb3rxgkMWFcZG2gYGIrvyuPhSR+Gf2u7FmDkPmlxk=; b=PAQGpNcJ/wAxjxcaJ1d22ushdXy139POaY81Ea3W2yuMygPI7/7B+QFbR0ZhKUwT9I NaaoKIeKCy42FYd6ivJPL686tuidMxD8FkrgQ0/ZrOBTeMpohk2Vh3MY6dqbFyNN3Y0x IJ63vrUZJ8f5+OwzX511Vomcttq+TyhbJlawhBVAExsOOQ4PBYI88Jx0ifuPi5JUgBnj ZjESxFxvrpyflJWxkZ776P8nefbpKbxMZ0MuJLjNzEkScHYcn6+YBgynZL8jf8CVgib2 v8HFY1SnFwRuoNW+sQMZweuXFNzArBnzAuYbnL/BK8+UumbWeODqAdt/tL0xF66OgBe5 z7Pw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:references:mail-copies-to :gmane-reply-to-list:date:in-reply-to:message-id:mime-version :content-transfer-encoding; bh=Edbb3rxgkMWFcZG2gYGIrvyuPhSR+Gf2u7FmDkPmlxk=; b=saL6UUqRVrjZhTo8WDGZpwl6bqAZwukx8nOJ5vRHPkw30tdHac3YxqYPNLhkH8C2ix zzDajX+avx4j/C9YGyKoU3xYihvjfFZF/9HbYsq3harK4N1udDCsWsOsjailIY3Rc0SS E245zB/sQn7S/7anpSja26xPruQ5Ux2mfH8opoQ2gjHJzWVHdC3omQwCUnhH/QWU1xAV cvybUvc9pDf1fJ7S4eYPWCeyP+rEQbO0vGGfNwR2uxZPmxMYWXWARPlvtvhaZQffkChG YzZ+t5rJpPBf0rRTpJa/J4fhv+O0aLM311n3lef3g6b9BKuLdw9N+ojr0za9+S7zJ/CZ 7b2g== X-Gm-Message-State: ALQs6tCMeKYBvWgqx6LAft283ri5/muEwydXR5uOXS0KoB/EB4qv9L9a 86TaZBXt6uxY1BfXkU9jje7XLoRV2QQ= X-Google-Smtp-Source: AIpwx49F/Er9OXcA6hVgrpAHDOZSVudmVeRvUIGFwm7ObL+mEJvLcGy8syeSvSWPgZsBLqfWxpE2eg== X-Received: by 10.80.134.120 with SMTP id 53mr21449649edt.187.1523633892360; Fri, 13 Apr 2018 08:38:12 -0700 (PDT) Received: from rpluim-ubuntu ([149.5.228.1]) by smtp.gmail.com with ESMTPSA id a3sm3265573edi.53.2018.04.13.08.38.11 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 13 Apr 2018 08:38:11 -0700 (PDT) From: Robert Pluim To: Lars Ingebrigtsen Subject: Re: bug#26634: 26.0.50; The network security manager doesn't understand IDNA domains References: <8736zz8ct0.fsf@mouse.gnus.org> <87sh7zgo96.fsf@mouse.gnus.org> <874lkfm9me.fsf@gmail.com> <87lgdrw2ug.fsf@mouse.gnus.org> X-Debbugs-No-Ack: yes Mail-Copies-To: never Gmane-Reply-To-List: yes Date: Fri, 13 Apr 2018 17:38:10 +0200 In-Reply-To: <87lgdrw2ug.fsf@mouse.gnus.org> (Lars Ingebrigtsen's message of "Fri, 13 Apr 2018 17:19:51 +0200") Message-ID: <87y3hrjevx.fsf@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 26634 Cc: 26634@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Lars Ingebrigtsen writes: > Robert Pluim writes: >> Did you mean ? > > No, I meant https://=D0=B0=D1=80=D1=80=D3=8F=D0=B5.com which is a totally= different domain. :-) > > Hm... Oh, that's the 100% cyrillic one. :-) This is so confusing. > Fun, isn=CA=BCt it? Can we go back to 7-bit ASCII please? > So eww definitely does the right thing with the mixed-script =D0=B0=D1=80= =D1=80=D3=8F=D0=B5.com, > and I guess there's nothing to be done with the 100%-cyrillic case... > >> (FWIW, chrome is supposed to detect the 100% cyrillic case, but >> doesn=CA=BCt as far as I can tell) > > What does Chrome do with that URL? > > Oh, I've got Chromium here, so I can just test... > > It displays https://xn--80ak6aa92e.com/ in the address bar. Which > is... I guess... a choice. I don=CA=BCt mind that. It=CA=BCs better than displaying the homograph. Robert From debbugs-submit-bounces@debbugs.gnu.org Sun Apr 15 09:59:32 2018 Received: (at 26634) by debbugs.gnu.org; 15 Apr 2018 13:59:32 +0000 Received: from localhost ([127.0.0.1]:54248 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1f7iBn-0002S4-Qp for submit@debbugs.gnu.org; Sun, 15 Apr 2018 09:59:32 -0400 Received: from hermes.netfonds.no ([80.91.224.195]:35725) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1f7iBl-0002Rp-Rm for 26634@debbugs.gnu.org; Sun, 15 Apr 2018 09:59:30 -0400 Received: from 46.67.12.60.tmi.telenormobil.no ([46.67.12.60] helo=corrigan) by hermes.netfonds.no with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1f7iBG-0008Md-VE for 26634@debbugs.gnu.org; Sun, 15 Apr 2018 15:59:29 +0200 Received: from larsi by corrigan with local (Exim 4.89) (envelope-from ) id 1f7iBA-0003Dm-Cd for 26634@debbugs.gnu.org; Sun, 15 Apr 2018 15:58:52 +0200 From: Lars Ingebrigtsen To: 26634@debbugs.gnu.org Subject: Re: bug#26634: 26.0.50; The network security manager doesn't understand IDNA domains References: <8736zz8ct0.fsf@mouse.gnus.org> <87sh7zgo96.fsf@mouse.gnus.org> <874lkfm9me.fsf@gmail.com> <87lgdrw2ug.fsf@mouse.gnus.org> <87y3hrjevx.fsf@gmail.com> Date: Sun, 15 Apr 2018 15:58:51 +0200 In-Reply-To: <87y3hrjevx.fsf@gmail.com> (Robert Pluim's message of "Fri, 13 Apr 2018 17:38:10 +0200") Message-ID: <877ep8d10k.fsf@mouse.gnus.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 26634 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Robert Pluim writes: >> It displays https://xn--80ak6aa92e.com/ in the address bar. Which >> is... I guess... a choice. > > I don=CA=BCt mind that. It=CA=BCs better than displaying the homograph. Well... If you have an all-Cyrillic URL, then you should be able to handle that as a normal domain, otherwise all this IDNA stuff is just nonsense, and we'll never leave ASCII domains. Firefox does the same as Emacs currently does, and Chrome doesn't. So I think I'll close this bug report and we can revisit the issue if an industry "best practice" is ever established. --=20 (domestic pets only, the antidote for overdose, milk.) bloggy blog: http://lars.ingebrigtsen.no From debbugs-submit-bounces@debbugs.gnu.org Sun Apr 15 09:59:31 2018 Received: (at control) by debbugs.gnu.org; 15 Apr 2018 13:59:31 +0000 Received: from localhost ([127.0.0.1]:54246 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1f7iBn-0002S1-Ix for submit@debbugs.gnu.org; Sun, 15 Apr 2018 09:59:31 -0400 Received: from hermes.netfonds.no ([80.91.224.195]:35724) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1f7iBl-0002Rn-IC for control@debbugs.gnu.org; Sun, 15 Apr 2018 09:59:29 -0400 Received: from 46.67.12.60.tmi.telenormobil.no ([46.67.12.60] helo=corrigan) by hermes.netfonds.no with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1f7iBR-0008PC-93 for control@debbugs.gnu.org; Sun, 15 Apr 2018 15:59:28 +0200 Received: from larsi by corrigan with local (Exim 4.89) (envelope-from ) id 1f7iBD-0003Dp-3N for control@debbugs.gnu.org; Sun, 15 Apr 2018 15:58:55 +0200 To: control@debbugs.gnu.org From: Lars Ingebrigtsen Subject: control message for bug #26634 Message-Id: Date: Sun, 15 Apr 2018 15:58:55 +0200 X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: control X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) tags 26634 fixed close 26634 From unknown Thu Jun 19 14:33:57 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Mon, 14 May 2018 11:24:05 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator From debbugs-submit-bounces@debbugs.gnu.org Sun Jul 22 07:06:48 2018 Received: (at control) by debbugs.gnu.org; 22 Jul 2018 11:06:48 +0000 Received: from localhost ([127.0.0.1]:51587 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1fhCCO-00006r-Bw for submit@debbugs.gnu.org; Sun, 22 Jul 2018 07:06:48 -0400 Received: from hermes.netfonds.no ([80.91.224.195]:57677) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1fhCCK-00006g-D9 for control@debbugs.gnu.org; Sun, 22 Jul 2018 07:06:44 -0400 Received: from cm-84.212.221.165.getinternet.no ([84.212.221.165] helo=stories) by hermes.netfonds.no with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1fhCCI-0005IN-1c for control@debbugs.gnu.org; Sun, 22 Jul 2018 13:06:43 +0200 Date: Sun, 22 Jul 2018 13:06:41 +0200 Message-Id: To: control@debbugs.gnu.org From: Lars Ingebrigtsen Subject: control message for bug #26634 X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: control X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) unarchive 26634 From debbugs-submit-bounces@debbugs.gnu.org Sun Jul 22 07:36:02 2018 Received: (at 26634) by debbugs.gnu.org; 22 Jul 2018 11:36:02 +0000 Received: from localhost ([127.0.0.1]:51604 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1fhCec-0004mo-Tk for submit@debbugs.gnu.org; Sun, 22 Jul 2018 07:36:02 -0400 Received: from hermes.netfonds.no ([80.91.224.195]:57802) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1fhCeX-0004mc-LG for 26634@debbugs.gnu.org; Sun, 22 Jul 2018 07:35:57 -0400 Received: from cm-84.212.221.165.getinternet.no ([84.212.221.165] helo=stories) by hermes.netfonds.no with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1fhCeS-0002VC-KS for 26634@debbugs.gnu.org; Sun, 22 Jul 2018 13:35:52 +0200 From: Lars Ingebrigtsen To: 26634@debbugs.gnu.org Subject: [Lars Ingebrigtsen] Re: bug#26634: 26.0.50; The network security manager doesn't understand IDNA domains Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAHlBMVEXAu61AWH7g0abj1awp Q2kSEhfl2bFkb4WPkpjx68/QWlioAAACY0lEQVQ4jVWUTWvjMBCGp1lwlFsFXpzj4ly6t2KD7wGF /oGEXg0GUd8aNiDvTS5LNb3lFPC/3VeSlaRDcBI9ejWaL1Ndl8mY069NuSFdV/M/Z+N37a0i3c0S XpQ30NTUzAp3PbHc1LXuyBhmpvLeAJqOFOwA26vBsF2k0zrayoGP6s+zcOMubHgxYQMVhmmpPjpd scmDNhqZwTZv6sem+sXuO2Dbv/mrnglH3ggNTFNLi8XvqRVGqt0N2GzSuiQG8JJEiG12yfrnB/XV krg7DKAnolGpNb6Ek/msoXfq34RElNvCQmKMjHejApcacx+/evGEcesA1JCJJUCu8q3NiCwlIIsj IlNSrp3VGo4SUFspA/iaYLpvrwAGIosp2gV3TgCaWQAJEpDvZuDXZR/3Cx5Dlj2QgwWIgtaZcfsz Oe8nx+soICYX0oIKyjUcLh/jOgCH0Ek6uV7hBPi+eIFjlsE5LwvzdzqT35+FZPmPQgWtmFZzBFh3 oZ34dKDRTskuPv8FWyZhDOpxBefP6XL0ZQE4IptpvRWry1IO7wBwg76aJe1g+/NoDAA8ScRRZDoA LInVWeLpUHof4LuOdSDKpvbhUThfdxRKFugtwUTgLdGnOKmYXemRsbRCmMgI0Wm/OyiaqyHXvvFa Mfjotnkuab+PBSlspoVPlRl3r0fEkXrVz4UsiuFJHHc4RFHlE3dKjfn6L/Uo6Ubrzs9nzOBtDLQ3 TK4QH3H+/AnokwhKtOY8mH7K8WYoZ3BbbTQemzqATodtGPDGO2xq/06ICl1WZQUYHd6DLj6beJP6 6uOb1VW1qcr/8jdZH6A2jWcAAAAASUVORK5CYII= Date: Sun, 22 Jul 2018 13:35:48 +0200 Message-ID: User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 26634 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) -------------------- Start of forwarded message -------------------- From: Lars Ingebrigtsen Subject: Re: bug#26634: 26.0.50; The network security manager doesn't understand IDNA domains Date: Sun, 22 Jul 2018 13:04:44 +0200 Ted Zlatanov writes: > Suggestion: what if we used IDNA and highlighting if multiple scripts > are mixed in any segment of the DNS path (a "word" in the syntax)? And a > tooltip explaining the problem? That would make it clear to the user. You mean in the eww title bar? Yes, that would make sense... > It would also be potentially beneficial in Dired and prog-mode. Here I > would again flag any mixed scripts in a word. Hm... well, the security implications of having a mixed-script file name are different from mixed-script domain names. > The same approach might be nice in `list-packages' in case someone > malicious pushes out packages with confusables in the name. Here the > check would flag anything non-ASCII. That does sound useful. > WDYT? A minor mode? Or maybe it exists already? Not that I know of. -- (domestic pets only, the antidote for overdose, milk.) bloggy blog: http://lars.ingebrigtsen.no -------------------- End of forwarded message -------------------- From unknown Thu Jun 19 14:33:57 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Mon, 20 Aug 2018 11:24:05 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator