chromium / badssl.com

:lock: Memorable site for testing clients against bad SSL configs.
https://badssl.com
Apache License 2.0

Create IDN subdomain with cert #200

Open gene1wood opened 8 years ago

gene1wood commented 8 years ago

An IDN subdomain with a cert would be useful for testing.

In searching the web I've been unable to find an example of an IDN cert. Let's Encrypt predicts they will begin issuing IDN certs in December.

april commented 8 years ago

All I really want in life is 💩.badssl.com. I think I could finally die happy.

lgarron commented 8 years ago

You mean a non-wildcard cert? (See #52.)

gene1wood commented 8 years ago

@lgarron Yes, non-wildcard. Just a plain valid IDN cert.

lgarron commented 8 years ago

> An IDN subdomain with a cert would be useful for testing.

Also, what test conditions would it be useful for?

Additional certs are more management overhead (and possibly more money), so a list of good reasons would help prioritize this.

gene1wood commented 8 years ago

Sure thing, I can give my use case. I'm in the process of scanning Mozilla-owned domain names against the certificate transparency logs. Some of those domain names are IDN names. I was hoping to find an example IDN site with a certificate so I could validate that my CT log scanning tool was working when it was looking for IDN domains. As it is right now I can't be sure if the IDN domain I'm looking at has/had a certificate and the CT log scanner doesn't accept IDN domains, or if the IDN domain I'm looking at just didn't have a cert.

And I totally understand the management overhead/cost issue, just thought I'd put it in here in case it made sense. Maybe I'm the only person with this kind of need in which case feel free to ignore. Or maybe this use case isn't core to badssl.
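An added example, not part of the original thread or of any participant's tooling: one way a CT scanner can avoid the ambiguity described above is to normalize both the watch list and the certificate SANs to their ASCII (`xn--`) form before comparing. The function names, the entry layout and the sample CT entries are assumptions constructed for illustration; the IDN name used is the one suggested later in this thread.

```python
# Added example: match Unicode (IDN) watch-list names against CT log SANs.
# Certificates carry IDN names as A-labels ("xn--..."), so comparing the
# Unicode spelling directly against a SAN never matches.

def to_alabel(name: str) -> str:
    """Return the lowercase ASCII (xn--) form of a DNS name, keeping a leading '*.'."""
    name = name.strip().rstrip(".").lower()
    prefix = ""
    if name.startswith("*."):
        prefix, name = "*.", name[2:]
    # The stdlib codec implements IDNA 2003 (RFC 3490) and raises
    # UnicodeError on labels it cannot encode.
    return prefix + name.encode("idna").decode("ascii")


def find_certs(watched, ct_entries):
    """Map each watched name to ids of CT entries whose SANs name it or a subdomain."""
    targets = {w: to_alabel(w) for w in watched}
    hits = {w: [] for w in watched}
    for entry in ct_entries:
        for san in entry["dns_names"]:
            try:
                san_a = to_alabel(san)
            except UnicodeError:
                continue  # malformed SAN: skip it rather than abort the scan
            bare = san_a[2:] if san_a.startswith("*.") else san_a
            for w, target in targets.items():
                matches = bare == target or bare.endswith("." + target)
                if matches and entry["id"] not in hits[w]:
                    hits[w].append(entry["id"])
    return hits


# Constructed sample data (hypothetical entry ids and layout, not real CT records).
CT_ENTRIES = [
    {"id": 1, "dns_names": ["xn--mxafor.badssl.com"]},
    {"id": 2, "dns_names": ["*.badssl.com", "badssl.com"]},
    {"id": 3, "dns_names": ["www.XN--MXAFOR.badssl.com."]},
    {"id": 4, "dns_names": ["example.org"]},
]
WATCHED = ["ιδνα.badssl.com", "badssl.com"]

if __name__ == "__main__":
    for name, ids in find_certs(WATCHED, CT_ENTRIES).items():
        print(f"{name} ({to_alabel(name)}): entries {ids}")
```

A known-good IDN certificate, as requested in this issue, is what lets such a scanner distinguish "no cert exists" from "the lookup never matched".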

lgarron commented 8 years ago

Sounds reasonable, if not directly applicable to browser UI. Then again, we have a bunch of IDNA edge cases ourselves.

> I think I could finally die happy.

I'd like something slightly more refined. :-P

In any case, Chrome doesn't display emoji in domain parts.

How about ιδνα.badssl.com? It has the property of decoding to the cool-sounding xn--mxafor.badssl.com :-P

lgarron commented 8 years ago

Alternatively, we could cause infinite troubles by using א.badssl.com ;-)

gene1wood commented 8 years ago

And for the time being, I happened upon one in my scanning of our own domains. I can't guarantee this will stay around and I'd say don't include it in anything as I don't know what sits behind the name, but it is a valid IDN cert.

https://автонавес.рф/

lgarron commented 8 years ago

woo https://letsencrypt.org//2016/10/21/introducing-idn-support.html

april commented 8 years ago

💩.badssl.com, here we come!

lgarron commented 7 years ago

I'mma put in a word for ѭ, which looks like a cat. 😸

lgarron commented 7 years ago

I just realized that we can have Cyrillic "spoof" subdomains:

lgarron commented 7 years ago

Cyrillic homoglyphs are the best for spelling sketchy words: