Re: [idn] length restrictions on IDN label

[Soobok Lee <lsb@postel.co.kr>]

Paul Hoffman / IMC wrote:

> At 10:10 PM +0900 10/14/02, Soobok Lee wrote:
>
> > Most applications programmer have been reserving 256 bytes for any LDH
> > FQDN buffer space .
>
> It is amazingly arrogant for anyone to make statements about "most 
> applications programmer".
I accepted. :-)

> > But that convention should be changed to cover the cases of long utf8
> > IDN FQDN which may be
> > 3 or 4 times longer than 256 octets.
>
> Why just UTF8? Why not UTF16? Or GB? Or ... ?
I already mentioned other encodings in the early postings.

> > If this warning is neglected by application programmers,
> > some remote malicious crackers will send to users' applications long ACE
> > IDNs manufactured to
> > cause buffer overflow errors when toUnicoded and seaze control of the
> > machine.
>
> Oh, come on. Step 6 of ToUnicode is exactly two words long. Which one 
> of those two words do you think that other applications programmers 
> will not understand?
"6. Apply ToASCII  "
is   for verification purpose and it won't change that situation.
Step 8 of ToUnicode function which may have enough buffer space  itself
will return  long unicode string result to  cal;ling applications that 
may have shorter buffer space.


> --Paul Hoffman, Director
> --Internet Mail Consortium