[standards-jig] A late security comment on JEP-0020 (and randomcomments about #31)

Paul Lloyd paul_lloyd at hp.com
Thu May 16 14:59:17 UTC 2002


David Waite wrote:

> random question about JEP-0031 - why does all data need to be processed
> in network-byte-order UTF-16; Jabber requires only UTF-8 support to
> connect, so that means all clients will require some mechanism for
> handling both character encodings (and conversion between). UTF-8 also
> has the benefit of not having system byte endianness as an issue. Also,
> does the data need to be normalized for these algorithms to work? (I
> assume it does for any sort of signing to function correctly, but I'm
> still only a third of the way through your JEP)

You're right:

1) All that's needed is a canonicalization.

2) UTF-8 has advantages over UTF-16 for our purposes.

An easy change to make now ;-)


  |\/\/\/|        "I DIDN'T DO IT, MAN!"
  |      |
  |      |        Paul Lloyd
  | (o)(o)        Infrastructure Strategic Engineering
  C      _)       Strategy and Architecture Leadership Team
   | ,___|        voice:          650-236-3704
   |   /          FAX:            650-236-3632
  /____\          MSN Messenger:  paul_lloyd at hp.com
 /      \         plloyd at corp.hp.com

More information about the Standards mailing list