[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [idn] length restrictions on IDN label
At 10:10 PM +0900 10/14/02, Soobok Lee wrote:
Most applications programmer have been reserving 256 bytes for any LDH
FQDN buffer space .
It is amazingly arrogant for anyone to make statements about "most
applications programmer".
But that convention should be changed to cover the cases of long utf8
IDN FQDN which may be
3 or 4 times longer than 256 octets.
Why just UTF8? Why not UTF16? Or GB? Or ... ?
If this warning is neglected by application programmers,
some remote malicious crackers will send to users' applications long ACE
IDNs manufactured to
cause buffer overflow errors when toUnicoded and seaze control of the
machine.
Oh, come on. Step 6 of ToUnicode is exactly two words long. Which one
of those two words do you think that other applications programmers
will not understand?
--Paul Hoffman, Director
--Internet Mail Consortium