   Re: [xml-dev] Excellent IETF BCP on XML


Bullard, Claude L (Len) wrote,
> Tim Bray assured us on the www-tag list that the namespace URL/URI in
> no way is a security issue and cited his experience with security
> agencies of the US Government.   I gotta believe they thought about
> this.

Why?

OK, maybe US government security agencies have, but what about everyone 
else?

> In effect, the protocol designer has to specify what is to be done
> via automagic dereferencing as URIs are always dereferenceable.

Right, but protocols with security flaws aren't exactly unknown. And 
even if the protocol nails everything down precisely, there are buggy 
implementations. And even if an implementation is perfect, its 
environment might not be ... a teensy bit of DNS cache poisoning can 
turn a harmless-seeming URI into a dangerous one.

Cheers,


Miles




 


Copyright 2001 XML.org. This site is hosted by OASIS