Erik van der Poel <[EMAIL PROTECTED]> writes: > All, > > This is probably well known to most of you, but the General Category > Value in the Unicode Character Database and the stability of that value > are not very relevant to IDNA, which does not depend on the Unicode > Categories. > > IDNA depends on the Unicode Normalization Form KC table, and there have > been very few changes indeed in this table: > > http://www.unicode.org/Public/UNIDATA/NormalizationCorrections.txt
Don't forget the normalization flaw in Unicode 3.2 NFKC discussed in: http://www.unicode.org/review/pr-29.html Apparently the recommendation will be applied to future Unicode versions. PR-29 doesn't merely affect a small set of code points, but rather a class of strings. The special strings are all unstable under NFKC3.2. I think PR-29 is a useful example to consider when deciding how much trust you should place in the UTC's stability guarantees. The UTC's track record in this area suggest to me that the guarantee is worthless in practice. I haven't seen an evaluation of alternative solutions to the PR-29 problem. Not even signs that alternative approaches were considered. I would have expected both. > Also, IDNA apps depend on tables for converting from various non-Unicode > encodings to Unicode. This is another place where instability could > affect lookups, potentially even in dangerous ways. Stringprep and IDNA > already mention this issue in their Security Considerations sections. Right. Thanks, Simon
