[I18n-sig] Re: Unicode 3.1 and contradictions.

[Martin v. Loewis]

> > The UTF-8 representations of U+D800..U+DFFF, U+FFFE, and U+FFFF are not
> > allowed in a UTF-8 stream and a secure UTF-8 decoder must never output
> > any of these characters.
> 
> Can you explain a bit more about the security issues?

I don't understand the comment about filters, but one aspect is the
requirement for a canonical encoding: If you encrypt two pieces of
text of code with the same key, the original pieces must be considered
equal iff the encrypted versions are equal. Non-canonical forms break
this guarantee: the pieces might be equal even if the encrypted output
is not.

Regards,
Martin