[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: draft-yergeau-rfc2279bis-02.txt for STANDARD
On fredag, jan 10, 2003, at 09:15 Europe/Stockholm,
ned.freed@mrochek.com wrote:
> (c) Slip in a sentence somewhere (maybe as a security
> consideration) indicating that > 4 bytes is possible in the future
and
> that programs should not be designed on the assumption that they
will
> never see more than four bytes. I.e., interoperability testing at
<= 4
> is fine, but I'd hate to set someone up for a buffer overflow
problem.
I think this is not likely to be needed; it should be OK to treat 5+
byte
encodings as a protocol error. But I could be wrong...
Actually, I think it is preferable to treat them as protocol errors,
due to
the need for UTF-16 compatibility.
I still would like to have a wording about this in a security
considerations section so we minimize the risk for buffer overflow.
paf