Re: Security Issues

From: Peter Kirk (peterkirk@qaya.org)
Date: Thu Mar 24 2005 - 05:55:55 CST

  • Next message: Chris Jacobs: "Re: Security Issues"

    On 24/03/2005 06:51, Patrick Andries wrote:

    > ...
    > I wonder what extra security you gain by removing let say apostrophe,
    > hyphen, middle dot ? There is nothing wrong using caseless letters or
    > marks with other symbols from a bicameral script (it depends on the
    > writing system, that is the language using these characters).
    >
    I suspect the real problem with apostrophe is more one of backward
    compatibility with existing software. I remember some years ago a
    colleague with an O'Connor type of name using the apostrophe in his
    e-mail address. This worked with some software, but not with others
    which treated the apostrophe as a separator or something similar. This
    is not an argument for banning it in IDNs, but it might require that it
    be processed as a non-ASCII character even if it is in fact U+0027. Or
    perhaps it should be U+02BC, or U+2019? The security issue would of
    course come in if these three, and other near look-alikes, are treated
    as distinct allowable characters in IDNs. So perhaps this is a case
    where all of them need to be folded on to just one of them.

    There is not I think a problem with hyphen, as this is already part of
    the allowed set.

    -- 
    Peter Kirk
    peter@qaya.org (personal)
    peterkirk@qaya.org (work)
    http://www.qaya.org/
    -- 
    No virus found in this outgoing message.
    Checked by AVG Anti-Virus.
    Version: 7.0.308 / Virus Database: 266.8.1 - Release Date: 23/03/2005
    


    This archive was generated by hypermail 2.1.5 : Thu Mar 24 2005 - 05:58:22 CST