Jump to content

Talk:Punycode

Page contents not supported in other languages.
From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by 192.88.60.254 (talk) at 17:28, 7 February 2005. The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.
(diff) ← Previous revision | Latest revision (diff) | Newer revision → (diff)

First, the linked "Punycode Exploit" should link to the advisory text, not the simple demonstration page. Secondly, this is not an exploit of punycode so much as it is an exploit of the fact that not running domain names through nameprep is asking for spoofing problems.

I would change the paragraph from: 

  Punycode is easily exploitable, and for an example see Punycode exploit

to: 

  Note that browsers which fail to run a string
  through nameprep before using it as a DNS name are 
  vulnerable to spoofing exploits, as in Punycode spoof.

With the last two words an external link to the exploit.

Retrieved from "https://en.wikipedia.org/w/index.php?title=Talk:Punycode&oldid=10039277"