Ned Freed wrote:
I may be stretching it too far here, but AFAIK, there are implementations
that truncate strings, thus corrupting test results. Trying to label them
non-conforming probably won't succeed, but we should not silently ignore
this problem.
I guess there are two choices:
A) Require correct handling of NUL
B) Strongly prefer correct handling of NUL and warn about the dangers of
not doing so in the security considerations
I have no major problem with A but I think B is a better choice. FWIW, the
implementation I work on has no problem handling NULs, but I worry that
this will make many other implementations non-conforming.
I suspect that Cyrus Sieve doesn't handle encoded NULs properly. So I
would prefer B.