[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Updated: Security in Unicode

To: linux-utf8@xxxxxxxxxxxx
Subject: Re: Updated: Security in Unicode
From: Edmund GRIMLEY EVANS <edmundo@xxxxxxxx>
Date: Wed, 6 Feb 2002 09:56:32 +0000
In-reply-to: <20020206094502.A17264@chanae.alphanet.ch>
List-archive: <http://mail.nl.linux.org/linux-utf8/>
List-help: <mailto:listar@nl.linux.org?Subject=help>
List-owner: <mailto:riel@nl.linux.org>
List-post: <mailto:linux-utf8@nl.linux.org>
List-software: Listar version 1.0.0
List-subscribe: <mailto:linux-utf8-request@nl.linux.org?Subject=subscribe>
List-unsubscribe: <mailto:linux-utf8-request@nl.linux.org?Subject=unsubscribe>
Original-recipient: rfc822;linux-utf8-archive@nl.linux.org
References: <E16Y5wy-0005pO-00@wisbech.cl.cam.ac.uk> <Pine.LNX.4.44.0202060918070.18512-100000@suse.blue-edge-tech.com> <20020206094502.A17264@chanae.alphanet.ch>
Reply-to: linux-utf8@xxxxxxxxxxxx
Sender: linux-utf8-bounce@xxxxxxxxxxxx
User-agent: Mutt/1.3.27i

Pablo Saratxaga <pablo@xxxxxxxxxxxxxxxx>:

> >   What if the software we are using would have built in sanity checks
> >   using reversible algorithms to convert the bitstream to a view, and
> >   convert it back to check if we get back the same stream? What
> 
> I don't understand the usefulness of that.

It checks that no information is being thrown away by the viewing
software.

> Also, rendering is, by nature, always different: you change the width
> of your window and the text will wordwrap and linewrap at different places.

That is one of many things that makes it difficult to compute an
inverse of the viewing functions.

However, if you could use an inverse function for checking it would
catch many potential problems. For example, it might be that some
versions of the software show emphasised words in bold, but other
versions show nothing, because the font is missing, or something like
that, so a signed message in which the emphasised word "not" appears
at the end of a line could cause mischief as different recipients
interpret the message differently.

By the way, is this sort of problem more dangerous that I think it is?
I can't think of likely situations in which much damage would be done
by this sort of thing, and in any case there is always a potential
problem with different people interpreting the same message in
different ways while the communication is taking place in a "natural
language" like English or Basque or whatever. A clever writer can
deliberately exploit this.

Edmund
--
Linux-UTF8:   i18n of Linux on all levels
Archive:      http://mail.nl.linux.org/linux-utf8/

Follow-Ups:
- Re: Updated: Security in Unicode
  - From: Gaspar Sinai

References:
- Re: Updated: Security in Unicode
  - From: Markus Kuhn
- Re: Updated: Security in Unicode
  - From: Gaspar Sinai
- Re: Updated: Security in Unicode
  - From: Pablo Saratxaga

Prev by Date: Re: Updated: Security in Unicode
Next by Date: Ispell and Unicode
Previous by thread: Re: Updated: Security in Unicode
Next by thread: Re: Updated: Security in Unicode
Index(es):
- Date
- Thread