xml-dev - Re: [xml-dev] The sky is falling! XML's dirty secret! Go back! It's a t

Re: [xml-dev] The sky is falling! XML's dirty secret! Go back! It's a t

[ Lists Home | Date Index | Thread Index ]

To: Seairth Jacobs <seairth@seairth.com>
Subject: Re: [xml-dev] The sky is falling! XML's dirty secret! Go back! It's a trap!
From: Tim Bray <tbray@textuality.com>
Date: Thu, 30 May 2002 13:53:06 -0700
Cc: xml-dev@lists.xml.org
References: <200205240339.XAA19934@mail.reutershealth.com> <3CEE4C20.2050405@textuality.com> <3CF59E14.4000006@textuality.com> <006e01c20818$812220d0$6800a8c0@seairthlaptop>
User-agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-US; rv:1.0rc1) Gecko/20020417

Seairth Jacobs wrote:
> Okay, maybe I am slow to see what's wrong here, but I don't see what's wrong
> here.  I have questions about the security solution presented, but isn't the
> problem itself legitimate?  If it isn't, would someone be kind enough to
> educate me why a self-describing data file is not an easier target for data
> theft?

Shipping unencrypted sensitive information from anywhere to anywhere 
over any medium whatsoever is egregiously stupid.  Fortunately, the 
infrastructure is well-supplied with tools to support secure encrypted 
transmission of anything from anywhere to anywhere; whether the anything 
is XML or not is purely orthogonal.

(Now there's enough of a business case for doing partial encryption 
(i.e. of particular elements) in XML that there's a W3C WG and so on - 
it always seemed questionable to me but I assume I just don't understand 
their apps.)  But the reason for doing this has nothing to do whether 
XML is particularly vulnerable to theft when transmitted unencrypted... 
if I'm a bad guy I'll be just as happy with a TIFF image of a credit 
card charge slip... -Tim

Follow-Ups:
- Re: [xml-dev] The sky is falling! XML's dirty secret! Go back! It's a trap!
  - From: Uche Ogbuji <uche.ogbuji@fourthought.com>
- Re: [xml-dev] The sky is falling! XML's dirty secret! Go back! It's a trap!
  - From: "John Evdemon" <jevdemon@acm.org>

References:
- Re: [xml-dev] DTDs, W3C Schemas, RELAX NG, Schematron?
  - From: John Cowan <jcowan@reutershealth.com>
- Re: [xml-dev] DTDs, W3C Schemas, RELAX NG, Schematron?
  - From: Tim Bray <tbray@textuality.com>
- The sky is falling! XML's dirty secret! Go back! It's a trap!
  - From: Tim Bray <tbray@textuality.com>
- Re: [xml-dev] The sky is falling! XML's dirty secret! Go back! It's a trap!
  - From: "Seairth Jacobs" <seairth@seairth.com>

Prev by Date: XML Schema: Getting lookup tables from DB
Next by Date: Re: [xml-dev] The sky is falling! XML's dirty secret! Go back! It's a trap!
Previous by thread: Re: [xml-dev] The sky is falling! XML's dirty secret! Go back! It's a trap!
Next by thread: Re: [xml-dev] The sky is falling! XML's dirty secret! Go back! It's a trap!
Index(es):
- Date
- Thread