
RE: Traffic Analysis and Namespace Dereferencing

Miles Sabin writes:

 > It's worth bearing in mind that this also applies to the
 > dereferencing of DTD external subsets.

Absolutely correct -- that's why XML documents for production-side
systems should not include DOCTYPE statements.  DTDs and XML Schemas
belong mainly on the authoring side (both as templates for input tools
and for debugging).

 > I can't help worrying that unintentional DoS might turn out to be 
 > a major problem in the not too distant future ... the W3C's 
 > servers host an awful lot of critical DTDs, and an awful lot of 
 > generic XML processors don't cache external subsets or use 
 > caching HTTP proxies by default. So what would happen if w3.org 
 > collapsed under the strain of a couple of hundred thousand XML 
 > editors all starting up at once?

People will find ways to route around the damage.  The only question
is whether people will blame bad design practices or XML itself.
w3c.org has already had some pretty long outages, but since virtually
no one uses client-side XML, not much happened.

All the best,


David Megginson                 david@megginson.com
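
The dereferencing problem discussed in this message, as an added example that is not part of the original post: a Python expat parser that answers a DOCTYPE external subset only from a local copy and refuses anything that would need a remote fetch. The `dtd.example.org` URLs, the cache contents and the `parse_offline` name are constructed for illustration.

```python
import xml.parsers.expat as expat

# Constructed stand-in for an on-disk DTD cache: system identifier -> DTD bytes.
LOCAL_DTDS = {
    "http://dtd.example.org/note.dtd":
        b'<!ELEMENT note (#PCDATA)>\n<!ENTITY who "ops">',
}


def parse_offline(doc, cache=LOCAL_DTDS):
    """Parse doc with no network access.

    Returns (served, refused, text): system ids answered from the cache,
    system ids that would have needed a remote fetch, and the character data.
    """
    served, refused, chunks = [], [], []
    parser = expat.ParserCreate()
    # Ask expat to report the external subset instead of silently skipping it.
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_ALWAYS)
    parser.CharacterDataHandler = chunks.append

    def on_external(context, base, system_id, public_id):
        body = cache.get(system_id)
        if body is None:
            refused.append(system_id)
            return 0  # abort the parse rather than go to the remote host
        served.append(system_id)
        sub = parser.ExternalEntityParserCreate(context)
        sub.Parse(body, True)
        return 1

    parser.ExternalEntityRefHandler = on_external
    try:
        parser.Parse(doc, True)
    except expat.ExpatError:
        if not refused:  # a genuine well-formedness error, not our refusal
            raise
    return served, refused, "".join(chunks)


if __name__ == "__main__":
    cached = b'<!DOCTYPE note SYSTEM "http://dtd.example.org/note.dtd"><note>&who;</note>'
    remote = b'<!DOCTYPE note SYSTEM "http://dtd.example.org/other.dtd"><note/>'
    for sample in (cached, remote, b"<note>no doctype</note>"):
        print(parse_offline(sample))
```

The `refused` list doubles as an audit log of which documents still carry a DOCTYPE that points off-host.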