At 01:21 PM 2/7/02 -0500, Elliotte Rusty Harold wrote:

>I'm not sure Unicode can be fixed at this point. The flaws may be too 
>deeply embedded. The real solution may involve waiting until companies and 
>people start losing significant amounts of money as a result of the flaws 
>in Unicode, and then throwing it away and replacing it with something else.

This sounds nice and dramatic, but misses the point that the kinds of 
issues you highlighted are absolutely common to *all* character sets 
containing Latin and Greek, or Latin and Cyrillic characters, suggesting 
that you are simply grandstanding here, instead of trying to find real 
solutions to your problem.

Earlier, you accused Unicode of being in denial about security issues: It 
is you who is in denial about some underlying realities, among which is 
that there are security issues that cannot be "fixed" by designing a 
'better' character set. You remind me of the people who keep on designing 
perpetual motion devices, even after the laws of thermodynamics proved the 
futility of such efforts.

If you are interested in advancing security you would stop barking up 
this blind alley and focus your energy on attacking the problems with other 
means. Plenty of suggestions have been made in this space over the last few 
days. Some or all of these should be explored.  But if we learned anything 
useful in this exchange, it is that no security scheme should be designed 
so that it is dependent on the character encoding as primary defense 
against spoofing. Doing so would burden the character encoding with a task 
it will never be capable of fulfilling, since it would mean seriously 
compromising support for the tasks for which it was created in the first 
place.

A./


