OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]
Re: [xml-dev] Features of XML Languages that Increase Complexity?

On 4/14/13 12:14 PM, Dimitre Novatchev wrote:
> On Sun, Apr 14, 2013 at 7:47 AM, Simon St.Laurent <simonstl@simonstl.com> wrote:
>> On 4/14/13 7:55 AM, Costello, Roger L. wrote:
>>> Clearly if a feature elevates the language's complexity to "recursively
>>> enumerable" then you will want to avoid that feature.
>>> Recall that as a language increases in complexity its attack surface
>>> increases. For a recursively enumerable language "no amount of
>>> programmer or QA effort can expose a comprehensive selection of the
>>> language's exploitable vulnerabilities" [3]. In other words, your
>>> language and its processing applications cannot be secured.
>> Roger, are you working for the permanently paranoid?  Is the only
>> communication to be allow safe communications?
>> My strong advice to you and all your customers is to run as far away as you
>> can from communications of all kinds that are not strictly and utterly
>> controlled with severe, instant, and precise punishment for anyone who dares
>> send you something even slightly dangerous.
> It would be really, tragically ironic not to pay attention to these
> problems until it is too late and suddenly the whole infrastructure of
> one's country has been destroyed/immobilized by cyber warfare.
> I am just a normal citizen, for whom recent events haven't just
> slipped without noticing.

Perhaps I may phrase this differently, in a way that will make more 
sense to those who think such destruction is a danger:

If you really need to have secure, hardened, and resilient 
communications, why on earth would you even think of using XML?

There are plenty of other tools that make more sense for that.  Roger's 
already listed key features, and I suspect - though it's been a while - 
that he's really looking for ASN.1 or similar.

Simon St.Laurent

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]

News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 1993-2007 XML.org. This site is hosted by OASIS