[standards-jig] A late security comment on JEP-0020 (and randomcomments about #31)
paul_lloyd at hp.com
Thu May 16 14:59:17 UTC 2002
David Waite wrote:
> random question about JEP-0031 - why does all data need to be processed
> in network-byte-order UTF-16; Jabber requires only UTF-8 support to
> connect, so that means all clients will require some mechanism for
> handling both character encodings (and conversion between). UTF-8 also
> has the benefit of not having system byte endianness as an issue. Also,
> does the data need to be normalized for these algorithms to work? (I
> assume it does for any sort of signing to function correctly, but I'm
> still only a third of the way through your JEP)
1) All that's needed is a canonicalization.
2) UTF-8 has advantages over UTF-16 for our purposes.
An easy change to make now ;-)
|\/\/\/| "I DIDN'T DO IT, MAN!"
| | Paul Lloyd
| (o)(o) Infrastructure Strategic Engineering
C _) Strategy and Architecture Leadership Team
| ,___| voice: 650-236-3704
| / FAX: 650-236-3632
/____\ MSN Messenger: paul_lloyd at hp.com
/ \ plloyd at corp.hp.com
More information about the Standards