[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [idn] length restrictions on IDN label

To: Soobok Lee <lsb@postel.co.kr>
Subject: Re: [idn] length restrictions on IDN label
From: Paul Hoffman / IMC <phoffman@imc.org>
Date: Mon, 14 Oct 2002 06:47:33 -0700
Cc: idn@ops.ietf.org
In-reply-to: <3DAAC230.40100@postel.co.kr>
References: <200210140752.g9E7qAo1065368@drugs.dv.isc.org><3DAAC230.40100@postel.co.kr>

At 10:10 PM +0900 10/14/02, Soobok Lee wrote:

Most applications programmer have been reserving 256 bytes for any LDH
FQDN buffer space .

It is amazingly arrogant for anyone to make statements about "most applications programmer".

But that convention should be changed to cover the cases of long utf8
IDN FQDN which may be
3 or 4 times longer than 256 octets.

Why just UTF8? Why not UTF16? Or GB? Or ... ?

If this warning is neglected by application programmers,
some remote malicious crackers will send to users' applications long ACE
IDNs manufactured to
cause buffer overflow errors when toUnicoded and seaze control of the
machine.

Oh, come on. Step 6 of ToUnicode is exactly two words long. Which one of those two words do you think that other applications programmers will not understand?

--Paul Hoffman, Director
--Internet Mail Consortium

Follow-Ups:
- Re: [idn] length restrictions on IDN label
  - From: Soobok Lee <lsb@postel.co.kr>

References:
- Re: [idn] length restrictions on IDN label
  - From: Mark.Andrews@isc.org
- Re: [idn] length restrictions on IDN label
  - From: Soobok Lee <lsb@postel.co.kr>

Prev by Date: Re: [idn] length restrictions on IDN label
Next by Date: Re: [idn] length restrictions on IDN label
Previous by thread: Re: [idn] length restrictions on IDN label
Next by thread: Re: [idn] length restrictions on IDN label
Index(es):
- Date
- Thread