- From: Martin Duerst <duerst@it.aoyama.ac.jp>
- Date: Tue, 01 Apr 2008 14:15:52 +0900
- To: "Roy T. Fielding" <fielding@gbiv.com>, Henrik Nordstrom <henrik@henriknordstrom.net>
- Cc: Julian Reschke <julian.reschke@gmx.de>, Stefan Eissing <stefan.eissing@greenbytes.de>, Robert Sayre <rsayre@mozilla.com>, Jamie Lokier <jamie@shareable.org>, HTTP Working Group <ietf-http-wg@w3.org>
At 03:28 08/04/01, Roy T. Fielding wrote: > >On Mar 31, 2008, at 10:51 AM, Henrik Nordstrom wrote: >> But at least IE6 has optional support for sending URLs using raw >> UTF-8, >> and it do send raw UTF-8 in the Host header in such setups.. > >Whoa, that will open up a new can of security worms. Do you mean due to the nature of UTF-8, or due to implementations that didn't do enough defensive programming? Some of this has been around for quite a while. With security, there is no 100%, but the chances are that potential security holes have already received some scrutinity. Regards, Martin. #-#-# Martin J. Du"rst, Assoc. Professor, Aoyama Gakuin University #-#-# http://www.sw.it.aoyama.ac.jp mailto:duerst@it.aoyama.ac.jp
Received on Tuesday, 1 April 2008 06:26:33 UTC