Re: Consensus call to include Display Strings in draft-ietf-httpbis-sfbis

--------
Ilari Liusvaara writes:
> On Thu, Jun 29, 2023 at 09:19:42AM +0000, Poul-Henning Kamp wrote:

> > There is no way to make UniCode safe, because it is anyone's guess what
> > UniCode decides to add later.
>
> I did some digging about when Unicode last added some "interesting"
> stuff. The last one I could find was some additional direction
> overrides from 2013. All the other "interesting" stuff seems to be
> from 1993 (the very first version of Unicode). And the Cc stuff seems
> to be even older than that.

Did you also find where they promised to never do anything silly again?

If so, please share a link, because I cannot find it anywhere...

> > Avoiding any and all hazards related to that /at the HTTP level/, is
> > why I still think we should base64 encode them, instead of the mutant
> > percent-with-the-random-backslash-thrown-in currently proposed.
>
> How would that help? Even currently, all that stuff must be escaped.
> And the hazards of unicode are associated with displaying it, and then
> it does not matter if it was percent-encoded or base64-encoded.

All the characters in b64 output are graphical and "safe", and b64
data is already part of the "vocabulary" of HTTP fields, where it
is used to transport things you should not throw at a terminal, so
there is no risk of some program somewhere doing something stupid.

And you are right about efficiency:

It is much more efficient than %xx for approximately half
the world's population's primary and often only languages.

But more importantly, b64 is already part of the specification, so
less code will have to be written for SFbis.

> However, encoding not capable of representing Cc would be entirely
> different thing. And clearly Cc contains by far the most hazardous
> stuff in the entire Unicode.

As I said: I don't think we improve the situation by wading into that
sump, apart from clearly signing its existence.

Poul-Henning

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

Received on Friday, 30 June 2023 05:11:33 UTC
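
An added example, not part of the original message: it compares the two wire encodings debated above on size and output alphabet, and shows that display-time hazards (Cc and bidi controls) survive either one. It assumes the `%"..."` percent-encoding rules as later published in RFC 9651, which may differ from the draft under discussion; the sample strings and helper names are constructed.

```python
import base64
import unicodedata

# Bidi embedding/override/isolate controls (constructed, non-exhaustive list).
BIDI_CONTROLS = set(range(0x202A, 0x202F)) | set(range(0x2066, 0x206A))

def percent_display_string(text: str) -> str:
    """Serialise as %"..." (assumed RFC 9651 rules: escape %, ", C0, DEL, >=0x80)."""
    out = ['%"']
    for b in text.encode("utf-8"):
        if b in (0x25, 0x22) or b <= 0x1F or b >= 0x7F:
            out.append(f"%{b:02x}")      # lowercase hex, one triplet per byte
        else:
            out.append(chr(b))           # printable ASCII passes through
    out.append('"')
    return "".join(out)

def base64_byte_sequence(text: str) -> str:
    """Serialise the same UTF-8 bytes as a Structured Fields Byte Sequence."""
    return ":" + base64.b64encode(text.encode("utf-8")).decode("ascii") + ":"

def wire_safe(field_value: str) -> bool:
    """True if every character on the wire is printable ASCII."""
    return all(0x20 <= ord(c) <= 0x7E for c in field_value)

def display_hazards(text: str) -> list[str]:
    """Code points a consumer should handle before rendering the decoded text."""
    return [f"U+{ord(c):04X}" for c in text
            if unicodedata.category(c) == "Cc" or ord(c) in BIDI_CONTROLS]

def compare(text: str) -> dict:
    pct, b64 = percent_display_string(text), base64_byte_sequence(text)
    return {"percent_len": len(pct), "base64_len": len(b64),
            "both_wire_safe": wire_safe(pct) and wire_safe(b64),
            "hazards_after_decode": display_hazards(text)}

# Constructed samples: ASCII, Cyrillic, CJK, and text with ESC plus a bidi override.
SAMPLES = ["hello", "Привет", "日本語", "a\x1b[31m\u202eb"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), compare(s))
```

Both encodings keep the field value inside printable ASCII; the hazard list is identical for both because it depends only on the decoded text.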