[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [idn] Debunking the ACE myth

To: Patrik Fältström <paf@cisco.com>
Subject: Re: [idn] Debunking the ACE myth
From: C C Magnus Gustavsson <mag@lysator.liu.se>
Date: Fri, 20 Jul 2001 00:36:36 +0200 (MET DST)
Cc: "Eric A. Hall" <ehall@ehsco.com>, idn@ops.ietf.org

On Thu, 19 Jul 2001, Patrik Fältström wrote:

> As evidence that you are completely wrong I take Hotmail as an example.

I agree. Whatever experience I have tells me that a lot of companies won't
bother with internationalization. They will upgrade for security reasons
but as we know, recently discovered vulnerabilities usually only affect
newer versions. (E g, recent exploits have been for BIND 8 while a lot of
people still run BIND 4.)

I'd just like to point out that scenarios like this is one of the 
arguments a number of people have tried to present in support of UTF-8. 
Software vendors won't test their products enough or prioritize fixing
problems which is why we'll most likely get problems with "leakage" of
ACE. And that's precisely the reason why we need to move toward the Single
Encoding in all protocols...

/Magnus

Prev by Date: Re: [idn] Debunking the ACE myth
Next by Date: RE: [idn] IDN security and ACE leakage
Prev by thread: Re: [idn] Debunking the ACE myth
Next by thread: Re: [idn] Debunking the ACE myth
Index(es):
- Date
- Thread