Re: Re[2]: Unicode and Security

From: Mark Davis (mark@macchiato.com)
Date: Fri Feb 08 2002 - 18:37:31 EST


Asmus is absolutely right about Latin, Greek and Cyrillic. And the
response that Unicode should be encoding glyphs instead of characters
is, in the least, misguided. No character encodings have ever been
predicated on that. For an example of how many glyphs are available
just for the letter A, look at:

http://www.macchiato.com/utc/glyph_variation.html

There have been attempts to develop glyph standards (AFII was one).
All have floundered.

Mark
—————

Πόλλ’ ἠπίστατο ἔργα, κακῶς δ’ ἠπίστατο πάντα — Ὁμήρου Μαργίτῃ
[For transliteration, see http://oss.software.ibm.com/cgi-bin/icu/tr]

http://www.macchiato.com

----- Original Message -----
From: "Philipp Reichmuth" <uzsv2k@uni-bonn.de>
To: "Asmus Freytag" <asmusf@ix.netcom.com>
Cc: <unicode@unicode.org>
Sent: Friday, February 08, 2002 09:18
Subject: Re[2]: Unicode and Security

> Hello Asmus and others,
>
> >>I'm not sure Unicode can be fixed at this point. The flaws may be
> >>too deeply embedded. The real solution may involve waiting until
> >>companies and people start losing significant amounts of money as a
> >>result of the flaws in Unicode, and then throwing it away and
> >>replacing it with something else.
>
> AF> This sounds nice and dramatic, but misses the point that the kinds of
> AF> issues you highlighted are absolutely common to *all* character sets
> AF> containing Latin and Greek, or Latin and Cyrillic characters, suggesting
> AF> that you are simply grandstanding here, instead of trying to find real
> AF> solutions to your problem.
>
> Oh, it is very well possible to design a character set that supports
> all of Latin, Cyrillic and Greek without being susceptible to this
> problem beyond the familiar 1-l-|, 0-O dimension. The main premise is
> to encode glyphs instead of characters so that one glyph "A" is used
> in all three of these alphabets. Roundtrip compatibility with legacy
> character sets would be a problem, though. It looks like there is the
> decision between kludge A (roundtrip compatibility missing) and kludge
> B (easier spoofability). However, for URLs etc., roundtrip
> compatibility is not really necessary, I think.
>
> AF> Earlier, you accused Unicode of being in denial about security
> AF> issues: It is you who is in denial about some underlying
> AF> realities, among which is that there are security issues that
> AF> cannot be "fixed" by designing a 'better' character set.
>
> I am sure they can be fixed by designing a better character set that
> is better suited to a given problem. A lot of problems can be avoided
> by regarding a character set as an application-specific entity to some
> extent.
>
> This is not what we want, of course; we want a universal encoding
> across all applications. This being our premise, the resulting
> problems which you cannot possibly deny will have to be dealt with in
> one way or the other. To me, it seems a better idea to fix problems
> that arise directly from the way we encode our characters already on
> the character set level as far as possible, even if it just means
> notifying people that mixing characters from different alphabets may
> lead to misinterpretations and to denote common glyph similarities in
> the standard, such as the glyph "A" or for that part the character "A"
> being indiscernible in several alphabets.
>
> Philipp mailto:uzsv2k@uni-bonn.de
> ___________________
> Seeing my great fault / Through darkening blue windows / I begin again
>
>
>
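
The following is an added example, not part of the original message or of the Unicode Standard. It shows that the Latin, Greek and Cyrillic "A" discussed in this thread are distinct characters that normalization does not merge, and it implements the "notify when alphabets are mixed" check suggested in the quoted text. The function names and sample labels are constructed for illustration, and inferring the script from the first word of the character name is a simplifying assumption, since Python's standard library does not expose the Script property.

```python
import unicodedata

# Scripts named in the thread. Script is inferred from the first word of the
# Unicode character name (heuristic assumed for this example).
SCRIPTS = ("LATIN", "GREEK", "CYRILLIC")

# The three look-alike capitals: Latin A, Greek Alpha, Cyrillic A.
LOOKALIKE_A = ("\u0041", "\u0391", "\u0410")


def script_of(ch):
    """Return 'LATIN', 'GREEK' or 'CYRILLIC', or None for anything else."""
    first_word = unicodedata.name(ch, "").split(" ", 1)[0]
    return first_word if first_word in SCRIPTS else None


def scripts_in(label):
    """Set of scripts used by the letters of a label (digits etc. ignored)."""
    return {s for s in map(script_of, label) if s is not None}


def is_mixed_script(label):
    """True when a label draws letters from more than one of the scripts."""
    return len(scripts_in(label)) > 1


def distinct_after_nfkc(chars):
    """True when NFKC normalization keeps every character distinct."""
    return len({unicodedata.normalize("NFKC", c) for c in chars}) == len(chars)


def describe(label):
    """Code point and name of each character, for showing to a reviewer."""
    return [(f"U+{ord(c):04X}", unicodedata.name(c, "UNNAMED")) for c in label]


if __name__ == "__main__":
    # Constructed sample labels: all Latin, one Cyrillic letter substituted,
    # and an all-Cyrillic string that renders like Latin "ABC".
    for label in ("BANK1", "B\u0410NK1", "\u0410\u0412\u0421"):
        print(ascii(label), sorted(scripts_in(label)), is_mixed_script(label))
        for codepoint, name in describe(label):
            print("   ", codepoint, name)
```

The all-Cyrillic sample passes the mixed-script check because it uses a single script, so this check only covers mixing within one string and does not catch whole-script look-alikes.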



This archive was generated by hypermail 2.1.2 : Fri Feb 08 2002 - 18:07:30 EST