On 2018-03-18 19:08, C. Scott Ananian wrote:
On Fri, Mar 16, 2018 at 9:42 PM, Anders Rundgren <[email protected] <mailto:[email protected]>> wrote:Scott A: https://en.wikipedia.org/wiki/Security_level <https://en.wikipedia.org/wiki/Security_level> "For example, SHA-256 offers 128-bit collision resistance" That is, the claims that there are cryptographic issues w.r.t. to Unicode Normalization are (fortunately) incorrect. Well, if you actually do normalize Unicode, signatures would indeed break, so you don't. Where do you specify SHA-256 signatures in your standard? If one were to use MD5 signatures, they would indeed break in the way I describe. It is good security practice to assume that currently-unbroken algorithms may eventually break in similar ways to discovered flaws in older algorithms. But in any case, it is simply not good practice to allow multiple valid representations of content, if your aim is for a "canonical' representation.
Other people could chime in on this since I have already declared my position on this topic. BTW, my proposal comes without cryptographic algorithms. Does Unicode Normalization [naturally] belong to the canonicalization issue we are currently discussing? I didn't see any of that in Richard's and Mike's specs. at least. Anders _______________________________________________ es-discuss mailing list [email protected] https://mail.mozilla.org/listinfo/es-discuss
