WebApp Sec mailing list archives
Unicode security discussion paper
From: "Andrew van der Stock" <vanderaj () greebo net>
Date: Tue, 15 Mar 2005 11:39:46 +1100 (EST)
Bruce Scheiner blogged this: http://www.schneier.com/blog/archives/2005/02/unicode_url_hac_1.html http://www.schneier.com/crypto-gram-0007.html#9 Here's the Unicode consortium's discussion paper. http://unicode.org/reports/tr36/ I think the problem (of trustworthy interfaces) is going to get worse (XAML / XUL comes to mind). Do you think their proposals ( * keep up to date with Unicode standards * reduce the use of confusable fonts * following the rules of IDN properly (Mozilla / Firefox - please note!) * character folding and restrictions on DNS registries * appropriate alerts ) are enough? They are looking for comments, so I think this is a perfect opportunity to provide feedback. thanks, Andrew
Current thread:
- Unicode security discussion paper Andrew van der Stock (Mar 18)