Re: [xml-dev] Features of XML Languages that Increase Complexity?

["Simon St.Laurent" <simonstl@simonstl.com>]

On 4/14/13 12:14 PM, Dimitre Novatchev wrote:
> On Sun, Apr 14, 2013 at 7:47 AM, Simon St.Laurent <simonstl@simonstl.com> wrote:
>> On 4/14/13 7:55 AM, Costello, Roger L. wrote:
>>>
>>> Clearly if a feature elevates the language's complexity to "recursively
>>> enumerable" then you will want to avoid that feature.
>>>
>>> Recall that as a language increases in complexity its attack surface
>>> increases. For a recursively enumerable language "no amount of
>>> programmer or QA effort can expose a comprehensive selection of the
>>> language's exploitable vulnerabilities" [3]. In other words, your
>>> language and its processing applications cannot be secured.
>>
>>
>> Roger, are you working for the permanently paranoid?  Is the only
>> communication to be allow safe communications?
>>
>> My strong advice to you and all your customers is to run as far away as you
>> can from communications of all kinds that are not strictly and utterly
>> controlled with severe, instant, and precise punishment for anyone who dares
>> send you something even slightly dangerous.
>
> It would be really, tragically ironic not to pay attention to these
> problems until it is too late and suddenly the whole infrastructure of
> one's country has been destroyed/immobilized by cyber warfare.
>
> I am just a normal citizen, for whom recent events haven't just
> slipped without noticing.

Perhaps I may phrase this differently, in a way that will make more 
sense to those who think such destruction is a danger:

If you really need to have secure, hardened, and resilient 
communications, why on earth would you even think of using XML?

There are plenty of other tools that make more sense for that.  Roger's 
already listed key features, and I suspect - though it's been a while - 
that he's really looking for ASN.1 or similar.

Thanks,
-- 
Simon St.Laurent
http://simonstl.com/