[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [bug-libunistring] Unicode security specifications
From: |
Simon Josefsson |
Subject: |
Re: [bug-libunistring] Unicode security specifications |
Date: |
Thu, 01 Feb 2024 14:06:10 +0100 |
User-agent: |
Evolution 3.44.4-0ubuntu2 |
ons 2024-01-31 klockan 16:54 +0100 skrev Bruno Haible:
> Hi Simon,
>
> The Unicode 15.1.0 announcement [1] says:
> "Security-related updates have been made to
> UAX #9, Unicode Bidirectional Algorithm
> and
> UAX #31, Unicode Identifiers and Syntax
> along with updates to
> UTS #39, Unicode Security Mechanisms.
> These updates complement the release of a new Unicode Technical
> Standard,
> UTS #55, Unicode Source Code Handling."
>
> Do you have a feeling on the importance of these specifications?
> Which types of applications could make use of them, and for which
> applications are they mandatory or highly recommended?
Hi. That is a good question, and I've been trying to wrap my head
around the changes in 15.1 and their impact for IDNA. Definitely UAX#9
is relevant, but I'm sure the others could have impact as well. The
changelogs are useless to me for finding out what the security problems
they refer to are, and I didn't easily find a way to diff the revisions
easily. The standards are either very low-level or high-level so it is
also difficult to extract any real practical consequences from low-
level modifications.
Btw, I am working on adding self-test that parses UTC's IdnaTestV2.txt
for libidn2 to better have confidence in any changes, and wanted to
wait if I can finish that before upgrading the included libunistring
from 15.0 to 15.1 in libidn2, to see if that change introduces any
regressions or changed behaviour. Unfortunately, I noticed some
deviations between libidn2 and TR46 so resolving that needs to be
finished first, and it doesn't look trivial.
/Simon
>
> Bruno
>
> [1]
> http://blog.unicode.org/2023/09/announcing-unicode-standard-version-151.html
>
>
>
signature.asc
Description: This is a digitally signed message part
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- Re: [bug-libunistring] Unicode security specifications,
Simon Josefsson <=