Re: Unicode and Security

From: Elliotte Rusty Harold
Date: Thu Feb 07 2002 - 15:53:45 EST

At 2:10 PM -0600 2/7/02, David Starner wrote:

>What else?

ASCII, ISO-Latin-1. Not great solutions to be sure, but if it stops
the engineers from accidentally giving away the company jewels then
IT will impose them.

>As we keep pointing out, almost every character in Unicode
>that normally has the same glyph as another is in Unicode with good
>reason. To change that to something that would fit your goals will cost
>billions right now just for the change, and then you end with a
>character set that can't round trip all the others in common use, and
>that is more painful to use for Greeks and Russian, and completely
>unusable for mathematicians. I seriously doubt the world would go to a
>massively inferior character set because of the security holes you're
>talking about.

For text files, probably not. But for the domain name system the
world very well might. Indeed, maybe it should unless this problem
can be dealt with. I suspect it can be dealt with by prohibiting
script mixing in domain names (e.g. each component of the name must
be entirely Greek or entirely Cyrillic or entirely Latin etc. Note: is OK.) Does anybody really
need mixed Latin and Greek domain names?

Still, this would just fix the problem for domain names. This is a
use-case I suspect wasn't even considered back in the mid-80s when
Unicode got rolling. I wouldn't be surprised if in another ten years
we find similar problems in some as yet unnoticed and unconsidered
area. Technology's nasty like that.


+-----------------------+------------------------+-------------------+
| Elliotte Rusty Harold | | Writer/Programmer |
+-----------------------+------------------------+-------------------+
| The XML Bible, 2nd Edition (Hungry Minds, 2001) |
| |
| |
+----------------------------------+---------------------------------+
| Read Cafe au Lait for Java news: |
| Read Cafe con Leche for XML news: |
+----------------------------------+---------------------------------+
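
The per-component rule proposed in the message above (each label of a domain name drawn from a single script), as an added example that is not part of the original post. The function names, the script list and the sample names are assumptions constructed for illustration; input is assumed to be the Unicode form of the name, not its `xn--` encoding.

```javascript
// Added example: reject domain labels that mix scripts (e.g. Latin + Cyrillic).
// Assumption: only these scripts are named; anything else is reported as "Other".
const SCRIPTS = ["Latin", "Greek", "Cyrillic", "Armenian", "Hebrew", "Arabic"];
const SCRIPT_RE = SCRIPTS.map((name) => [name, new RegExp(`\\p{Script=${name}}`, "u")]);
// Digits, hyphen and combining marks are Common/Inherited and belong to no one script.
const NEUTRAL_RE = /[\p{Script=Common}\p{Script=Inherited}]/u;

// Return the sorted list of scripts used by one label.
function labelScripts(label) {
  const found = new Set();
  for (const ch of label.normalize("NFC")) {
    if (NEUTRAL_RE.test(ch)) continue;
    const hit = SCRIPT_RE.find(([, re]) => re.test(ch));
    found.add(hit ? hit[0] : "Other");
  }
  return [...found].sort();
}

// Apply the rule per component: different labels may use different
// scripts, but no single label may use more than one.
function checkDomain(name) {
  const labels = name
    .split(".")
    .filter((label) => label.length > 0)
    .map((label) => {
      const scripts = labelScripts(label);
      return { label, scripts, ok: scripts.length <= 1 };
    });
  return { ok: labels.every((l) => l.ok), labels };
}

// Constructed sample names (not from the original message).
const SAMPLES = [
  "example.com",                              // all Latin
  "\u03b5\u03bb\u03bb\u03ac\u03b4\u03b1.com", // Greek label, Latin label
  "ex\u0430mple.com",                         // U+0430 CYRILLIC SMALL LETTER A inside a Latin label
  "shop-24.example",                          // digits and hyphen are script-neutral
];

for (const name of SAMPLES) {
  const result = checkDomain(name);
  const detail = result.labels.map((l) => `${l.label}=[${l.scripts.join("+")}]`).join(" ");
  console.log(`${result.ok ? "accept" : "reject"}  ${detail}`);
}
```

A label written wholly in one script passes this check even when its glyphs resemble a word in another script, so the rule addresses mixing within a label only.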

This archive was generated by hypermail 2.1.2 : Thu Feb 07 2002 - 15:43:26 EST