GNOME Bugzilla – Bug 567871
missing idn / punycode support
Last modified: 2009-06-11 07:55:11 UTC
Nautilus supports opening (s)ftp uris. But support for IDN domains is missing for that one has to enter the decoded uri all the time which is kind of annoying. Insted of ftp://jörg-müller.de one would have to enter ftp://xn--jrg-mller-07a4e.de. As far as I know there is already gnu idnlib so why not using it? Greetings, Daniel Other information:
-> gvfs/ftp AFAICS this should be done inside GVfs.
If we're going to push this down the stack; libsoup does resolving for the ftp backend. I don't know if it's wise to push punycode that far down in the stack though. Punycode is an application, rather then protocol, invention and should probably be kept close to the displaying application (if nothing else, only to give it chance to do anti-phishing things - since unicode contains visually identical characters to many normal ascii characters the user needs to be alerted when punycode is being used). .... alex seems to agree, from the irc discussion: 11:07 < alex> i'm not sure it should be done in gvfs 11:08 < alex> there are all sorts of security issues with it 11:08 < alex> and i don't think such uris are quite uris 11:09 < alex> Maybe g_file_parse_name() could use it 11:09 < fatal> the application displaying the url should probably handle it.... 11:09 < fatal> so that they can do as firefox and show the user that it'll be converted to a scary xn-- address.. 11:09 < alex> I think especially troublesome is displaying the unicode version, yes 11:10 < alex> anyway, the async resolver patch has some code for this 11:10 < alex> http://bugzilla.gnome.org/show_bug.cgi?id=548466 ... 11:16 < alex> Well, don't take these words as final 11:16 < alex> it requires careful thought, that is all
Just a heads up... As previously mentioned the ftp backend uses libsoup for resolvning hostnames (amoung other things). Now libsoup is apparently about to be ported over to the new gresolver (just merged into glib development branch) which should handle IDN, all according to: http://mysterion.org/~danw/blog/2009/04/gresolver That should solve this bug (on the backend side) and applications (nautilus) will need to start worrying about how they are going to solve the needed anti-phishing enhancements that need to go hand in hand with IDN-support.
(In reply to comment #3) > That should solve this bug (on the backend side) and applications (nautilus) > will need to start worrying about how they are going to solve the needed > anti-phishing enhancements that need to go hand in hand with IDN-support. Sigh. This was supposed to be fixed at the registrar level *years* ago (by the registrars not letting you register names with potentially-confusing/evil mixes of scripts) but apparently it's not... At any rate, it's worth noting that no one actually bothers to attempts IDN homograph attacks, because it's so easy to get users to click on http://bankofamerica.not-really-im-going-to-steal-all-your-money.com. we should probably just add a g_hostname_is_phishy() to ghostutils.c i guess...
This apparently works now after the switch to gnio. At least it connects to ftp.kindermöbelladen.de fine here.