xml-dev - RE: [xml-dev] Excellent IETF BCP on XML

RE: [xml-dev] Excellent IETF BCP on XML

[ Lists Home | Date Index | Thread Index ]

To: 'Miles Sabin' <miles@milessabin.com>, XML Dev <xml-dev@lists.xml.org>
Subject: RE: [xml-dev] Excellent IETF BCP on XML
From: "Bullard, Claude L (Len)" <clbullar@ingr.com>
Date: Fri, 22 Nov 2002 14:39:58 -0600

Tim Bray assured us on the www-tag list that 
the namespace UR:/URI in no way is a security issue 
and cited his experience with security agencies 
of the US Government.   I gotta believe they 
thought about this.  In effect, the protocol 
designer has to specify what is to be done 
via automagic dereferencing as URIs are always 
dereferenceable.

len


From: Miles Sabin [mailto:miles@milessabin.com]

Simon St.Laurent wrote,

> So is RDDL now a security risk?

Potentially ... yes.

How many times have we discussed the external entity thing on this list 
now? Any of the issues with them apply equally here.

And in fact David Megginson warned about the dangers of automagically 
dereferencing namespace URIs long before RDDL came along,

Follow-Ups:
- Re: [xml-dev] Excellent IETF BCP on XML
  - From: Tim Bray <tbray@textuality.com>
- Re: [xml-dev] Excellent IETF BCP on XML
  - From: Miles Sabin <miles@milessabin.com>

Prev by Date: Re: [xml-dev] Excellent IETF BCP on XML
Next by Date: Re: [xml-dev] Excellent IETF BCP on XML
Previous by thread: Re: [xml-dev] Excellent IETF BCP on XML
Next by thread: Re: [xml-dev] Excellent IETF BCP on XML
Index(es):
- Date
- Thread