[I18n-sig] Re: Unicode 3.1 and contradictions.

Martin v. Loewis martin@loewis.home.cs.tu-berlin.de
Fri, 29 Jun 2001 00:10:46 +0200

> > The UTF-8 representations of U+D800..U+DFFF, U+FFFE, and U+FFFF are not
> > allowed in a UTF-8 stream and a secure UTF-8 decoder must never output
> > any of these characters.
> Can you explain a bit more about the security issues?

I don't understand the comment about filters, but one aspect is the
requirement for a canonical encoding: If you encrypt two pieces of
text of code with the same key, the original pieces must be considered
equal iff the encrypted versions are equal. Non-canonical forms break
this guarantee: the pieces might be equal even if the encrypted output
is not.
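
Added example (not part of the original post, and not code from Python's codec): a hand-written decoder whose strict mode enforces the rule quoted above, next to a lenient mode that accepts non-canonical forms. The sample byte strings are constructed, and a SHA-256 digest stands in, as an assumption, for the deterministic keyed transform the post describes.

```python
import hashlib

# Smallest code point that legitimately needs a 2-, 3- or 4-byte sequence.
MIN_FOR_LENGTH = {2: 0x80, 3: 0x800, 4: 0x10000}

def decode_utf8(data: bytes, strict: bool = True) -> str:
    """Decode UTF-8 by hand; strict=False models a lenient decoder."""
    out, i = [], 0
    while i < len(data):
        b0 = data[i]
        if b0 < 0x80:
            n, cp = 1, b0
        elif 0xC0 <= b0 < 0xE0:
            n, cp = 2, b0 & 0x1F
        elif 0xE0 <= b0 < 0xF0:
            n, cp = 3, b0 & 0x0F
        elif 0xF0 <= b0 < 0xF8:
            n, cp = 4, b0 & 0x07
        else:
            raise ValueError(f"invalid lead byte at offset {i}")
        tail = data[i + 1:i + n]
        if len(tail) != n - 1 or any(b & 0xC0 != 0x80 for b in tail):
            raise ValueError(f"bad continuation at offset {i}")
        for b in tail:
            cp = (cp << 6) | (b & 0x3F)
        if cp > 0x10FFFF:
            raise ValueError(f"code point out of range at offset {i}")
        if strict:
            if n > 1 and cp < MIN_FOR_LENGTH[n]:
                raise ValueError(f"overlong (non-canonical) form at offset {i}")
            if 0xD800 <= cp <= 0xDFFF or cp in (0xFFFE, 0xFFFF):
                raise ValueError(f"forbidden code point U+{cp:04X} at offset {i}")
        out.append(chr(cp))
        i += n
    return "".join(out)

def digest(data: bytes) -> str:
    # Assumption: stand-in for any deterministic transform applied to the bytes.
    return hashlib.sha256(data).hexdigest()

CANONICAL = b"a/b"        # constructed sample: '/' as the single byte 0x2F
OVERLONG = b"a\xc0\xafb"  # constructed sample: '/' as an overlong 2-byte form

def demo():
    text_equal = decode_utf8(CANONICAL, strict=False) == decode_utf8(OVERLONG, strict=False)
    bytes_equal = digest(CANONICAL) == digest(OVERLONG)
    return text_equal, bytes_equal  # lenient decoding: same text, different digests
```

With the strict decoder the second input is rejected outright, so equal text always implies equal bytes and the comparison on the transformed output is sound again.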