[Cryptography] canonicalizing unicode strings.

[John Levine]

In article <20180201221020.GM10954 at localhost> you write:
>But usage evolves.  So, for example, in Korea adding an "ing" Latin
>suffix is a common thing now.  Suppose that became popular among
>Devangari users?  Or suppose they mix digits from Latin in otherwise
>Devangari text.

If it were me, I would have script mixing rules, and if people
familiar with those scripts said they were OK to mix, I'd mark them as
OK to mix.

>None of this means that one should reject mixed script new passwords.
>However, users should be warned about difficulty of password entry.

Surely we don't have to rehash all the reasons why user education
about security issues is an oxymoron.  If they're not going to be able
to enter their password reliably, do them a favor and make them choose
a different one.

R's,
John