[langsec-discuss] TJSON: Tagged JSON with Rich Types

Jeffrey Goldberg jeffrey at goldmark.org
Wed Oct 26 18:48:48 UTC 2016


On Oct 26, 2016, at 11:34 AM, Tony Arcieri <bascule at gmail.com> wrote:

> On Tue, Oct 25, 2016 at 11:16 PM, Jeffrey Goldberg <jeffrey at goldmark.org> wrote:
> > If the UTF8 strings aren't normalized, you will get different hashes for visually and semantically identical strings. 
> 
> Unicode normalization is presently an optional flag in objecthash,

I noticed that only after sending my message.

> but should be on by default (I think?) and supported by all implementations.

Yep.

Again, thanks for getting this started. This has been something I’ve been concerned about for a while, but not sufficiently concerned about to actually act on.

Cheers,

-j


More information about the langsec-discuss mailing list