Comments (4)
testbird
commented on June 23, 2024
Where are domain names translated?
The general conclusion seems to depreciate "punnycode" international domain names.
https://stackoverflow.com/questions/7497468/can-punycode-encoded-email-addresses-clash-with-real-addresses
http://rant.gulbrandsen.priv.no/eai/utf8-punycode
And a search for "punnycode security" brings up many reasons to disable it by default. At least in browsers.
from deltachat-android.
t-oster
commented on June 23, 2024
can you provide an example? I am not sure I understand where the problem occurs.
from deltachat-android.
testbird
commented on June 23, 2024
According to the last link messages including headers can be UTF8, but domain names can not, they need to be in punny-code. (special characters are translated into something like xn--code)
The last paragraph says to use UTF8 everywhere internally, and to only translate before sending (outgoing).
BUT (IIUC) the spoofing problem comes in when translating incoming punny domains (what r10s seems to refer to above), because there are multiple punnycode domains that look the same for the user.
Thus, also keeping the domain part as non-ambiguous punny-code for reference internally and use it to assign incoming messages to the right chat (possibly also displaying in the contact details), also seems safer (prevents others to spoof). (And, do not translate local parts to always stay unambiguous and prevent mis-addressing and spoofing.)
from deltachat-android.
r10s
commented on June 23, 2024
moved to deltachat/deltachat-core#264
from deltachat-android.
Related Issues (20)
- PNG image not displayed in chat (preview) when file size >5 MB HOT 2
- contact name lost after app update HOT 8
- Disappearing notifications HOT 5
- Crash when trying to perform account backup HOT 4
- re-label delete/accept request buttons to ignore/accept HOT 3
- undefined symbols after updating rust-toolchain HOT 4
- cannot link core 1.136.1 HOT 7
- Get rid of `FileUtils.getFileDescriptorOwner` HOT 2
- react with any emoji
- tune down in-app emoji selector
- add appgallery instructions to RELEASE.md
- Webxdc with `request_internet_access` set not working on Saved Messages
- Pull metadata and changelog translations from weblate HOT 3
- Fail to take picture with system's camera HOT 1
- Offer Pin/archive/mute/delete on long-tapping chats in search results
- allow to open "offline help" from welcome screens
- add and refine instant onboarding strings
- New "Instant Onboarding" UX flow to create accounts HOT 5
- support FCM PUSH notifications HOT 2
- not possible to share media from one chat to another
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from deltachat-android.