[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [idn] Re: Fwd: Unicode letter ballot
Simon Josefsson <jas@extundo.com> wrote:
> To me, case 1a seems to be a disaster as far as security is concerned.
> All other cases are better. I prefer 2a, followed closely by 1c.
This is very curious. You say 2a is your favorite, and 1a is a
disaster, but to me they appear to have the very same characteristics.
Could you give a scenario that illustrates why 1a is so much worse than
2a?
It seems to me that for any security hole in 1a involving the comparison
of Unicode strings, the same security hole exists in 2a involving the
comparison of CNS 11643 strings.
(Reminder: 1a means the decomposition mappings are changed and
Stringprep tracks the update. 2a means characters are deprecated and
added, and Stringprep tracks the update.)
AMC