[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: RFC 2279 (UTF-8) to Full Standard
The most important change, IMO, is to explicitly forbid what
Unicode 3.2 calls irregular code unit sequences and to
explicitly draw attention to these in the section on Security
Considerations. This section should clearly distinguish the
different avenues of attack:
- irregular code unit sequences
- over-long sequences
- are there any others?
One important change which comes under Martin's heading of
"Check/update references" is a replacement of:
A more detailed algorithm and formulae can be found in [FSS_UTF],
[UNICODE] or Annex R to [ISO-10646].
with something more useful.
Thanks,
Misha
On 11/04/2002 06:55:05 Martin Duerst wrote:
> At 20:59 02/04/09 +0200, Patrik F舁tstr wrote:
> >--On 2002-04-08 14.26 -0400 Francois Yergeau <FYergeau@alis.com> wrote:
> >
> > > Yes.
> >
> >Good. I am happy you are interested in doing this work.
> >
> >I have a couple of other people which told me they could help aswell. I
> >presume you are ok with taking the token here.
> >
> >Martin Drst and myself talked over the phone the other day, and he let me
> >know he had a list of things he would like to have changed in the document,
> >so a new I-D seems to be needed.
>
> Here is the list of the main things that I think should be done:
>
> - Say something about the BOM (probably something along the lines:
> this exists, but is not recommended)
>
> - Remove some historical stuff, move the rest of it to a separate
> section (in the back rather than in the front).
>
> - Check/update terminology with respect to UCS-2/UTF-16,...
>
> - Check/update references
>
> Any comments? Any other main points?
>
> If I have time (e.g. over the weekend), I will mark up the current
> text in xml2rfc and start editing.
>
> Regards, Martin.
>
-------------------------------------------------------------- --
Visit our Internet site at http://www.reuters.com
Any views expressed in this message are those of the individual
sender, except where the sender specifically states them to be
the views of Reuters Ltd.