[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: "Binary XML" proposals
- From: David Brownell <firstname.lastname@example.org>
- To: Miles Sabin <MSabin@interx.com>, email@example.com
- Date: Wed, 11 Apr 2001 08:27:25 -0700
> > > If you mean particular identifiable implementations, then no,
> > > not unless I'm allowed to count BINDs 4, 8, and 9 separately.
> > Nope, and not client-only implementations either! :)
> No fair ... rationale please.
Fair because I originally asked for different servers; I asked
that question specifically to highlight the severe lack of diversity
in that binary protocol you chose as your counter-example.
> > DNS is not an example of a "widely implemented" protocol;
> > "widely deployed" is rather different. (Arguably, you just
> > picked a bad example ... where there's really only one
> > significant implementation.)
> But that's simply not true.
Your assertion doesn't make it become "not true" though.
It's true enough to have become a significant security
concern to a number of people: a fat target for crackers.
> How many HTTP servers can you name? How
> many proxies?
Apache, Zeus, Tomcat, Squid, TUX2, Thttpd, Netscape Enterprise.
There are hundreds more, but you probably knew that ... and those are
not comparable: HTTP is a text based protocol, DNS is a binary one.
> > > Interoperability isn't simply due to a lack of diversity.
> > Actually, for DNS it's been a major factor. Original specs did
> > not match the implementation, and for all I know that's still
> > an issue ... because that implementation was so widely deployed
> > that it became the real protocol spec.
> That's not exactly unusual in the protocol space.
Call it a bug for which a fix is known: "Open Systems"
are a counter for "Closed (Proprietary) Systems".
> The real killer isn't text vs. binary: it's who's in control of
> change. If a vendor can make egregious changes from release to
> release then you're stuffed, text or binary. This, I think, counts
> in favour of a binary standard even by your own criteria: it
> would make it harder (nb. harder, not impossible) for anyone to
> make unilateral changes.
Change control is certainly an issue ... but it assumes that
all vendors in the market are actually conforming to the spec!
Doesn't matter what the paper spec says if it has no teeth,
because the real spec is the Vendor X implementation.
And unfortunately few vendors nowadays have shown they
really care much about conformance (say, in the XML space)
until customers start dinging them on it. Maybe not even then,
when the effort gets too inconvenient. So the easier it is for
customers to detect and publicize such vendor bugs, the
better the market serves customer (not vendor) needs.