[
Lists Home |
Date Index |
Thread Index
]
I must have overestimated this reply:
Re: TB16 Re: Comments on arch doc draft
Author: Tim Bray <tbray@textuality.com>,
Date: Tue, 02 Jul 2002 14:47:55 -0700 List: Public/www-tag
I have to hope those that should are thinking
clearly about the security issues associated
with the use of URIs as names and their ubiquity
throughout XML. We've been around this issue
many times and the insistence that dereferenceable
strings be used rather than purposefully non-dereferenceable
names always outweighs the security concerns.
Certainly, one pleads for common sense and competence,
but installations often break jobs and duties up among
different individuals and groups, and that means
competence is averaged at best. In such a situation, guidelines
must be explicit and the processes for applying them,
well executed and well checked.
Safe doesn't mean "Secure" and that should be made clear.
len
-----Original Message-----
From: Tim Bray [mailto:tbray@textuality.com]
Bullard, Claude L (Len) wrote:
> Tim Bray assured us on the www-tag list that
> the namespace UR:/URI in no way is a security issue
> and cited his experience with security agencies
> of the US Government. I gotta believe they
> thought about this. In effect, the protocol
> designer has to specify what is to be done
> via automagic dereferencing as URIs are always
> dereferenceable.
I don't believe this for a second and hope I didn't say that. Should
something like RDDL take off it would provide a convient place for
black-hats to point to subversive code that does nasty stuff.
Note that dereferencing a URI via GET is in principle and as far as I
can tell in practice safe, assuming you protect against infinitely-large
resource representations. Acting on the data you get carries risk that
is in principle and in practice unbounded and requires all sorts of
trust infrastructure -Tim
|