>From: [EMAIL PROTECTED]
>The article http://www.counterpane.com/crypto-gram-0007.html#9
>however is clearly a "Chicken little, 'the sky is falling'" argument
>and should be addressed as such. Let me quote the final statement in
>that section as it conveys the general tone of the section:
>
> "Unicode is just too complex to ever be secure."
>
Good points, I agree completely.
ASCII is apparently also just too complex to be secure in many cases. I'd like to see
his proposal for a secure character set/encoding. Apparently punctuation and control
characters are too complex for many programmers to implement properly. Perhaps they
should be eliminated. No doubt some of the remaining characters will seem suspicious
as well just because...they are there.
If enough characters are removed it will be impossible to communicate and so security
can finally be assured. NULL will reign supreme in lonely vigilance!! :-)
But seriously, I think most of the problems with characters and security (and
characters in programs in general) are caused by code that treats characters far too
casually. Characters need to be dealt with using higher level abstractions than
"isprint". In effect, I think simple encodings like ASCII are the _cause_ of security
problems because something like ASCII encourages naive algorithms and designs. Over
the longer run, Unicode should improve security, not reduce it.
=Ed Batutis
------------------------------------------------------------
--== Sent via Deja.com http://www.deja.com/ ==--
Before you buy.
