9 Replies Latest reply: Oct 18, 2013 4:48 PM by Tom Gewecke
RETRAX Level 1 Level 1 (40 points)

Hello Safari / WebKit-Team,

 

The .de NIC (denic.de) will implement IDNA2008 from 2010-11-16 onwards,

especially allowing for ß (\u00df) in domain names. Hence, the automatic

translation of ß to ss may result in looking up the wrong domain name, allowing

for spoofing attacks.

(DENIC will run a sunrise period (2010-10-26 to 2010-11-15) during which

holders of domains with ss will be allowed top register the respective ß domain

in advance.)

 

http://www.denic.de/en/domains/internationalized-domain-names/sharp-s.html

 

ß and ss are not exchangable in German. ss instead of ß is just a makeshift. Germans expect ß to usually just work if

umlauts work (which already do for a while).

 

Steps to Reproduce:

1. Start Safari on OS X Mountain Lion or on iOS

2. Open the domain "http://www.heß.de" (a family name).

 

 

Expected Results:

Safari will change the "ß" character to "ss" and open "http://www.hess.de" which is a completely different family name (last name).

 

For example: "Michael Heß" and "Peter Hess".

 

 

Thanks & Regards

 

Michael


iMac, OS X Mountain Lion (10.8.5)