[Cryptography] canonicalizing unicode strings.

Viktor Dukhovni cryptography at dukhovni.org
Tue Jan 16 22:23:53 EST 2018



> On Jan 15, 2018, at 10:30 PM, John Levine <johnl at iecc.com> wrote:
> 
> I think the normal approach is to accept strings only in a single
> script.  Mixed scripts are generally malicious in any sort of
> identifier context.

Except that, for example, an email address may have a non-LATIN
localpart alongside a LATIN (ASCII) domain name.  Or some of the
labels of a domain may be in a different script that the parent
domain.  (I have духовный.org, in which the first label is
Cyrillic, and .org is of course Latin US-ASCII).

-- 
	Viktor.



More information about the cryptography mailing list