Re: Unicode and Security

From: Barry Caplan (bcaplan@i18n.com)
Date: Sun Feb 03 2002 - 03:25:21 EST


At 02:15 PM 2/3/2002 +0900, you wrote:
>On Sat, 2 Feb 2002, David Starner wrote:
>[...several lines cut to save room...]
> > I think I'm missing your perspective. To me, these are minor quirks. Why
> > do you see them as huge problems?
>
>I am thinking about electronically signed Unicode text documents
>that are rendered correctly or believed to be rendered correctly,
>still they look different, seem to contain additional or do not
>seem to contain some text when viewed with different viewers due
>to some ambiguities inherent in the standard.

An electronically signed document allows you to trust who wrote it, and
that the *byte sequence* hasn't been tampered with. It implies nothing at
all trust-wise about what software you should use to interpret it. You
would go through the trouble to verify a signature, but trust the .doc
extension and some machine's implementation of Word with your money? Makes
no sense.

That being said, identifying security issues of existing programs and/or
protocols when they intersect with Unicode-based data is an important
issue, and one I intend to cover regularly on www.i18n.com, once it
launches this month.

For those of you that have specific issues to write about, or are
interested in providing a series of security-related articles (length and
frequency TBD), please contact me off-list. I think there are endless
examples already out there, to provide, and I know of at least one that is
serious. Let's find more!

Best Regards,

Barry Caplan
www.i18n.com - coming soon, preview available now
News | Tools | Process for Global Software
Team I18N
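
Added example, not part of the original message: a sketch of the point discussed in this thread, that a signature binds the byte sequence and not what a viewer displays. An HMAC stands in for a real digital signature, and the key, the sample documents and the function names are all constructed for illustration.

```python
import hashlib
import hmac
import unicodedata

KEY = b"constructed-demo-key"  # assumption: HMAC stands in for a real signature

# Constructed sample documents, all valid UTF-8.
DOC_NFC = "Pay caf\u00e9 100".encode("utf-8")        # precomposed e-acute
DOC_NFD = "Pay cafe\u0301 100".encode("utf-8")       # e + combining acute, looks the same
DOC_HIDDEN = "Pay caf\u00e9 1\u200b00".encode("utf-8")  # contains a zero-width space


def sign(data: bytes) -> str:
    """Tag the exact byte sequence; nothing about rendering is covered."""
    return hmac.new(KEY, data, hashlib.sha256).hexdigest()


def verify(data: bytes, tag: str) -> bool:
    return hmac.compare_digest(sign(data), tag)


def render_risks(data: bytes) -> list[str]:
    """List properties of verified bytes on which viewers may disagree."""
    text = data.decode("utf-8")
    findings = []
    for index, ch in enumerate(text):
        category = unicodedata.category(ch)
        if category == "Cf":
            # Format characters: invisible or direction-changing in most viewers.
            name = unicodedata.name(ch, "UNNAMED")
            findings.append(f"format char U+{ord(ch):04X} {name} at index {index}")
        elif category in ("Cn", "Co"):
            # Unassigned or private-use: display depends entirely on the viewer.
            findings.append(f"unassigned/private-use U+{ord(ch):04X} at index {index}")
    if unicodedata.normalize("NFC", text) != text:
        findings.append("text is not NFC-normalized; an equivalent form has other bytes")
    return findings


if __name__ == "__main__":
    tag = sign(DOC_NFC)
    print("NFC verifies against its own tag:", verify(DOC_NFC, tag))
    print("NFD (same appearance) verifies against that tag:", verify(DOC_NFD, tag))
    for label, doc in (("NFC", DOC_NFC), ("NFD", DOC_NFD), ("HIDDEN", DOC_HIDDEN)):
        print(label, "signature ok:", verify(doc, sign(doc)), "risks:", render_risks(doc))
```

A document can pass verify() and still produce findings from render_risks(); the two checks answer different questions.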



This archive was generated by hypermail 2.1.2 : Sun Feb 03 2002 - 03:16:02 EST