Soobok Lee <[EMAIL PROTECTED]> wrote: > 6. Unassigned Code Points in Stringprep Profiles > > This section describes two different types of strings in typical > protocols where internationalized strings are used: "stored strings" > and "queries". > > Is this classification from over-simplifications ? only two types? Is > there any 3rd type possible?
I think what this section really depends on is that whenever two strings are compared, at least one of the strings must have been prepared using strict stringprep (no unassigned code points allowed), while the other may have been prepared using loose stringprep (unassigned code points allowed). This allows false negatives (where the strings don't match even though you wish they did), but prevents false positives (where the strings match even though they shouldn't). Applications and protocols need to do whatever is necessary to guarantee that whenever two strings are compared, at least one was prepared using strict stringprep. Typically they would satisfy that requirement by classifying strings into "stored strings" and "query strings", using strict stringprep on the stored strings, and never comparing two query strings. But it's up to each application/protocol to define that classification for its own strings. Perhaps the document should say something like that. AMC
