From: bstell(_at_)ix(_dot_)netcom(_dot_)com
The article http://www.counterpane.com/crypto-gram-0007.html#9
however is clearly a "Chicken little, 'the sky is falling'" argument
and should be addressed as such. Let me quote the final statement in
that section as it conveys the general tone of the section:
"Unicode is just too complex to ever be secure."
Good points, I agree completely.
ASCII is apparently also just too complex to be secure in many cases. I'd like
to see his proposal for a secure character set/encoding. Apparently punctuation
and control characters are too complex for many programmers to implement
properly. Perhaps they should be eliminated. No doubt some of the remaining
characters will seem suspicious as well just because...they are there.
If enough characters are removed it will be impossible to communicate and so
security can finally be assured. NULL will reign supreme in lonely vigilance!!
:-)
But seriously, I think most of the problems with characters and security (and
characters in programs in general) are caused by code that treats characters
far too casually. Characters need to be dealt with using higher level
abstractions than "isprint". In effect, I think simple encodings like ASCII are
the _cause_ of security problems because something like ASCII encourages naive
algorithms and designs. Over the longer run, Unicode should improve security,
not reduce it.
=Ed Batutis
------------------------------------------------------------
--== Sent via Deja.com http://www.deja.com/ ==--
Before you buy.
