
Re: [idn] Re: Fwd: Unicode letter ballot



Simon Josefsson <jas@extundo.com> wrote:

> To me, case 1a seems to be a disaster as far as security is concerned.
> All other cases are better.  I prefer 2a, followed closely by 1c.

This is very curious.  You say 2a is your favorite, and 1a is a
disaster, but to me they appear to have the very same characteristics.
Could you give a scenario that illustrates why 1a is so much worse than
2a?

It seems to me that for any security hole in 1a involving the comparison
of Unicode strings, the same security hole exists in 2a involving the
comparison of CNS 11643 strings.

(Reminder: 1a means the decomposition mappings are changed and
Stringprep tracks the update.  2a means characters are deprecated and
added, and Stringprep tracks the update.)

AMC