[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: draft-yergeau-rfc2279bis-02.txt for STANDARD

To: ned.freed@mrochek.com
Subject: Re: draft-yergeau-rfc2279bis-02.txt for STANDARD
From: Patrik Fältström <paf@cisco.com>
Date: Fri, 10 Jan 2003 11:03:20 +0100
Cc: Harald Tveit Alvestrand <harald@alvestrand.no>, IESG <iesg@ietf.org>
In-reply-to: <01KR1TKO3O2U002O3W@mauve.mrochek.com>

On fredag, jan 10, 2003, at 09:15 Europe/Stockholm, ned.freed@mrochek.com wrote:

> (c) Slip in a sentence somewhere (maybe as a security
> consideration) indicating that > 4 bytes is possible in the future and
> that programs should not be designed on the assumption that they will
> never see more than four bytes. I.e., interoperability testing at <= 4
> is fine, but I'd hate to set someone up for a buffer overflow problem.
I think this is not likely to be needed; it should be OK to treat 5+ byte
encodings as a protocol error. But I could be wrong...

Actually, I think it is preferable to treat them as protocol errors, due to
the need for UTF-16 compatibility.

I still would like to have a wording about this in a security considerations section so we minimize the risk for buffer overflow.

paf

References:
- Re: Fwd: draft-yergeau-rfc2279bis-02.txt for STANDARD
  - From: ned.freed@mrochek.com

Prev by Date: Re: Fwd: draft-yergeau-rfc2279bis-02.txt for STANDARD
Next by Date: Re: draft-yergeau-rfc2279bis-02.txt for STANDARD
Previous by thread: Re: Fwd: draft-yergeau-rfc2279bis-02.txt for STANDARD
Next by thread: Re: draft-yergeau-rfc2279bis-02.txt for STANDARD
Index(es):
- Date
- Thread