On 02/19/2009 05:39 PM, Benjamin Smedberg:
Other than this specific attack, what are the concerns about wildcards that
would make us take such a drastic action?
It sounds to me that we could and should fix this bug simply by disabling
punycode for the wildcard portion.
Because punycode isn't the real problem here...
https://www.paypal.com.cgi-bin.webscr?cmd=_login-run.some.tld/more?giberrish&and&more&strings&to&come
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: start...@startcom.org
Blog: https://blog.startcom.org
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
