[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message]

RE: Excellent IETF BCP on XML

• To: 'Miles Sabin' <miles@m...>, XML Dev <xml-dev@l...>
• Subject: RE: Excellent IETF BCP on XML
• From: "Bullard, Claude L (Len)" <clbullar@i...>
• Date: Fri, 22 Nov 2002 14:39:58 -0600

Tim Bray assured us on the www-tag list that 
the namespace UR:/URI in no way is a security issue 
and cited his experience with security agencies 
of the US Government.   I gotta believe they 
thought about this.  In effect, the protocol 
designer has to specify what is to be done 
via automagic dereferencing as URIs are always 
dereferenceable.

len


From: Miles Sabin [mailto:miles@m...]

Simon St.Laurent wrote,

> So is RDDL now a security risk?

Potentially ... yes.

How many times have we discussed the external entity thing on this list 
now? Any of the issues with them apply equally here.

And in fact David Megginson warned about the dangers of automagically 
dereferencing namespace URIs long before RDDL came along,

• Follow-Ups:
  • Re: Excellent IETF BCP on XML
    • From: Tim Bray <tbray@t...>
  • Re: Excellent IETF BCP on XML
    • From: Miles Sabin <miles@m...>

• Prev by Date: Re: Excellent IETF BCP on XML
• Next by Date: Re: Excellent IETF BCP on XML
• Previous by thread: Re: Excellent IETF BCP on XML
• Next by thread: Re: Excellent IETF BCP on XML
• Index(es):
  • Date
  • Thread