[Cryptography] canonicalizing unicode strings.
Viktor Dukhovni
cryptography at dukhovni.org
Tue Jan 16 22:23:53 EST 2018
> On Jan 15, 2018, at 10:30 PM, John Levine <johnl at iecc.com> wrote:
>
> I think the normal approach is to accept strings only in a single
> script. Mixed scripts are generally malicious in any sort of
> identifier context.
Except that, for example, an email address may have a non-LATIN
localpart alongside a LATIN (ASCII) domain name. Or some of the
labels of a domain may be in a different script that the parent
domain. (I have духовный.org, in which the first label is
Cyrillic, and .org is of course Latin US-ASCII).
--
Viktor.
More information about the cryptography
mailing list