Hi,

Thank you for the comments. Please see my arguments below.

On Thu, 14 Feb 2002, Glenn Maynard wrote:
> You didn't seem to respond to the comments of your page on the earlier
> thread. If you're going to take such an extreme stance as "Unicode text
> is inherently unsecure", you need to defend it. So, my own impressions:
>
> On Fri, Feb 15, 2002 at 10:16:39AM +0900, Gaspar Sinai wrote:
> > I mostly recovered my shock :) Most people pointed out that the
> > real juice on my security page was the second example.
> >
> > http://www.yudit.org/security/
>
> > "At yudit.org, we maintain the view that Unicode text is inherently
> > unsecure, until the current bi-directional algorithm defined by the
> > Unicode Consortium is changed to be reversible. There should be an
> > algorithm defined that converts logical order to view order, and there
> > should be a separate algorithm defined that converts view order to
> > logical order. If such algorithm-pair existed we could also run sanity
> > check on our rendering software.
> >
> > At yudit.org we will not sign digitally a Unicode document while this
> > possibility exists."
>
> Mind elaborating on this logic? Since there's an off chance that text
> might be seen incorrectly in a few languages (and if this happens, there's
> an off chance in a few extremely contrived cases that it might make a
> sentence with a different meaning), you'll never sign messages in any
> language at any time?
>
> Signing text doesn't say "you will interpret this message as I intend",
> it just makes sure it doesn't get tampered with in transit and verifies
> who the message is from. It's not the signature's job to make sure it's
> rendered, read or interpreted correctly.
>
> Assuming that this *is* a real security problem, not signing messages
> doesn't help anything; it just reduces security further. I can hardly
> see what this has to do with signatures at all.

You are right, this page could be clearer than it is. I may rearrange this as soon as things clear up a bit.

My point is: having a reverse algorithm would solve a lot of problems: the viewer of the text could actually run the reverse algorithm and imagine the bitstream before signing it. They may argue that the standard cannot be changed.

> Also, regardless of the severity of this problem, Unicode text is not
> *inherently* insecure; that implies it's fundamentally flawed and can't
> be fixed. I don't think that's what you mean.
>
> The rest of the page is useful as an example of the problem; whether or
> not it's a serious issue is debatable, but it's clearly something people
> should know about.

Basically this second example is just demonstrating that there is a problem. According to the threads in http://www.yudit.org/security/mail/

One can see this comment:

> Outlook Express, at least the version you are using, has a bug;
> it is failing to set the overall directionality to RTL even
> though the first character is strongly RTL. The fact that
> some implementations are buggy is hardly an argument against
> either the use of bidi or Unicode.

And this is followed by this comment:

> Of course the bidi algorithm permits using a higher-level protocol to
> set the paragraph direction (see note under rule P3, TUS 3.0 page 61).
> Thus one could argue that this isn't necessarily a bug in Outlook
> Express -- at least it isn't a violation of the standard.

Which pretty much shows that there is an ambiguity and the algorithm should change. My argument would be: if it needs to be changed anyway, can it be changed to make digital signatures easier and put scripts, like Old Hungarian (rovasiras), in it that can be written in both directions?

I could not reach this level in my arguments because I was told that there is no problem at all and I felt I have two choices: being violent or just silently unsubscribe from the list. I chose the latter.

Thank you

gaspar

--
Linux-UTF8: i18n of Linux on all levels
Archive: http://mail.nl.linux.org/linux-utf8/
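
The paragraph-direction ambiguity discussed in this thread, as an added example that is not part of the original message or of yudit's code: it applies rules P2/P3 (first strong character) to the stored text, lists the code points in logical order, and reports whether a viewer that sets the base direction itself would lay the runs out differently. The function names and the `viewer_direction` parameter are hypothetical, and isolates from later versions of the bidi algorithm are ignored.

```python
import hashlib
import unicodedata

STRONG_RTL = ("R", "AL")

def paragraph_direction(text):
    """Rules P2/P3: the first strong character sets the base direction."""
    for ch in text:
        cls = unicodedata.bidirectional(ch)
        if cls == "L":
            return "LTR"
        if cls in STRONG_RTL:
            return "RTL"
    return "LTR"  # P3: no strong character, default to left-to-right

def logical_dump(text):
    """Code points in logical (stored) order, each with its bidi class."""
    return ["U+%04X %s" % (ord(ch), unicodedata.bidirectional(ch) or "?")
            for ch in text]

def presign_report(text, viewer_direction=None):
    """Facts about the stored text that do not depend on any renderer.

    viewer_direction (hypothetical parameter) models a higher-level
    protocol that sets the paragraph direction instead of rule P3.
    """
    classes = {unicodedata.bidirectional(ch) for ch in text}
    mixed = "L" in classes and bool(classes & set(STRONG_RTL))
    p3 = paragraph_direction(text)
    used = viewer_direction or p3
    return {
        # The digest covers the logical-order bytes, never the visual order.
        "sha256": hashlib.sha256(text.encode("utf-8")).hexdigest(),
        "p3_direction": p3,
        "viewer_direction": used,
        "mixed_direction": mixed,
        # Mixed-direction text shown with a base direction other than the
        # P3 result has its directional runs placed in a different order.
        "layout_differs_from_p3": mixed and used != p3,
        "logical_order": logical_dump(text),
    }

# Constructed sample: three Hebrew letters, a space, then Latin "abc".
SAMPLE = "\u05d0\u05d1\u05d2 abc"

if __name__ == "__main__":
    for key, value in presign_report(SAMPLE, viewer_direction="LTR").items():
        print(key, value)
```

The digest is identical whichever base direction the viewer picks, so the logical-order dump is the part a signer can actually compare against what the signature covers.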
