Re: [PATCH v2] hex2bin: make the function hex_to_bin constant-time
From: Linus Torvalds
Date: Wed May 04 2022 - 15:52:16 EST
On Wed, May 4, 2022 at 12:43 PM Jason A. Donenfeld <Jason@xxxxxxxxx> wrote:
>
> א.cc is correct. If you can't load it, your browser or something in
> your stack is broken.
It's just google-chrome.
And honestly, the last thing I want to ever see is non-ASCII URL's.
Particularly from a security person. It's a *HORRIBLE* idea with
homoglyphs, and personally I think any browser that refuses to look it
up would be doing the right thing.
But I don't think that it's the browser, actually. Even 'nslookup'
refuses to touch it with
** server can't find א.cc: SERVFAIL
and it seems it's literally the local dns caching (dnsmasq?)
> Choosing a non-ASCII domain like that clearly a
> bad decision because people with broken stacks can't load it?
No. It's a bad idea. Full stop. Don't do it.
Linus