OASIS Mailing List Archives


   Re: [xml-dev] Excellent IETF BCP on XML


Bullard, Claude L (Len) wrote:

> Tim Bray assured us on the www-tag list that
> the namespace URL/URI in no way is a security issue
> and cited his experience with security agencies
> of the US Government.   I gotta believe they
> thought about this.  In effect, the protocol
> designer has to specify what is to be done
> via automagic dereferencing as URIs are always
> dereferenceable.

I don't believe this for a second and hope I didn't say that.  Should 
something like RDDL take off it would provide a convenient place for 
black-hats to point to subversive code that does nasty stuff.

Note that dereferencing a URI via GET is in principle and as far as I 
can tell in practice safe, assuming you protect against infinitely-large 
resource representations.  Acting on the data you get carries risk that 
is in principle and in practice unbounded and requires all sorts of 
trust infrastructure. -Tim
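
An added illustration of the size-bound caveat in the message above; it is not part of the original post. The 1 MiB cap, the function names and the `EndlessStream` test double are assumptions chosen for the example; the fetcher returns raw bytes and deliberately does nothing with them.

```python
import io
import urllib.request

MAX_BYTES = 1 << 20  # assumed cap (1 MiB); choose per protocol


class ResourceTooLarge(Exception):
    """The representation exceeded the configured size cap."""


def read_bounded(stream, max_bytes=MAX_BYTES, chunk=64 * 1024):
    """Return the stream's full content, or raise once it exceeds max_bytes."""
    buf = bytearray()
    while True:
        # Request one byte past the remaining budget so an overrun is detectable.
        data = stream.read(min(chunk, max_bytes - len(buf) + 1))
        if not data:
            return bytes(buf)
        buf += data
        if len(buf) > max_bytes:
            raise ResourceTooLarge(f"more than {max_bytes} bytes")


def fetch_bounded(url, max_bytes=MAX_BYTES, timeout=10):
    """GET url and return raw bytes only; nothing here parses or acts on them."""
    if not url.lower().startswith(("http://", "https://")):
        raise ValueError("only http(s) URIs are dereferenced")
    # timeout applies to each socket operation, not to the whole transfer.
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        declared = resp.headers.get("Content-Length", "")
        # Content-Length is only a hint: reject early if it is already too
        # large, but still enforce the cap while reading.
        if declared.isdigit() and int(declared) > max_bytes:
            raise ResourceTooLarge(f"declared {declared} bytes")
        return read_bounded(resp, max_bytes)


class EndlessStream:
    """Constructed stand-in for a response body that never ends."""

    def __init__(self):
        self.served = 0

    def read(self, n):
        self.served += n
        return b"A" * n


if __name__ == "__main__":
    src = EndlessStream()
    try:
        read_bounded(src, max_bytes=1000)
    except ResourceTooLarge as exc:
        print("rejected:", exc, "after", src.served, "bytes")
    print(len(read_bounded(io.BytesIO(b"x" * 1000), max_bytes=1000)), "bytes accepted")
```
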


Copyright 2001 XML.org. This site is hosted by OASIS