xml-dev - Re: [xml-dev] Excellent IETF BCP on XML

Re: [xml-dev] Excellent IETF BCP on XML

[ Lists Home | Date Index | Thread Index ]

To: XML Dev <xml-dev@lists.xml.org>
Subject: Re: [xml-dev] Excellent IETF BCP on XML
From: Miles Sabin <miles@milessabin.com>
Date: Fri, 22 Nov 2002 22:29:58 +0000
In-reply-to: <15725CF6AFE2F34DB8A5B4770B7334EE0DF8DE@hq1.pcmail.ingr.com>
References: <15725CF6AFE2F34DB8A5B4770B7334EE0DF8DE@hq1.pcmail.ingr.com>

Bullard, Claude L (Len) wrote,
> Tim Bray assured us on the www-tag list that the namespace UR:/URI in
> no way is a security issue and cited his experience with security
> agencies of the US Government.   I gotta believe they thought about
> this.

Why?

OK, maybe US government security agencies have, but what about everyone 
else?

> In effect, the protocol designer has to specify what is to be done
> via automagic dereferencing as URIs are always dereferenceable.

Right, but protocols with security flaws aren't exactly unknown. And 
even if the protocol nails everything down precisely, there are buggy 
implementations. And even if an implementation is perfect, it's 
environment might not be ... a teensy bit of DNS cache poisioning can 
turn a harmless seeming URI into a dangerous one.

Cheers,


Miles

References:
- RE: [xml-dev] Excellent IETF BCP on XML
  - From: "Bullard, Claude L (Len)" <clbullar@ingr.com>

Prev by Date: Re: [xml-dev] XHTML and OpenOffice
Next by Date: RE: [xml-dev] XHTML and OpenOffice
Previous by thread: RE: [xml-dev] Excellent IETF BCP on XML
Next by thread: Re: [xml-dev] Excellent IETF BCP on XML
Index(es):
- Date
- Thread