ietf-822

Re: audio, checksums, and trojan horses

1991-11-12 23:00:42
Yes, I think that objecting to TeX or troff, on the grounds that it is
underspecified, is a much better argument.  I could see an RFC on "The
Use of TeX in Formatted Internet Mail" (but then I could see an RFC on
"The Use of TeX"... :-).

I hate to have to disagree, but I do. TeX is actually quite well specified. And
you don't have to worry about people putting in bizarre extensions either --
you simply don't do this to TeX, and if you do it isn't TeX any more.

The problem is that the specification of TeX implicitly involves a lot of
outside context. Macro files, formats, output files that are reprocessed by TeX
or by other utilities that come with TeX (and these utilities tend to be simple
filters, so they don't have the access problems TeX has), and so forth are all
standard "TeXware".

Making sure that people don't access anything other than "TeX context" is hard.
Making sure you have enough context to actually use a given TeX file is much,
much harder.

Is Postscript well-enough specified (or can it
be, in a few paragraphs)?

Yes it is. And so is TeX. The problem is that I think you can build a useful
PostScript interpreter that obeys such a set of rules. I don't think you can
build a useful TeX facility in the same way.

This business of what is "easy to put into a stand-alone interactive UA"
strikes me as a red herring (not to say that it's not rightly important
to you).  We have many different environments to consider, and each will
have support for different things.  In a multi-tasking environment, it's
not clear that a stand-alone UA (that is, one that never relies on other
software to render messages) is a good design to begin with, while in a
non-multi-tasking environment, it may be the only choice.

You have misinterpreted what I said. Let me try again.

We send various sorts of things via electronic mail, and they fall into various
categories. One category of object is the sort that when I "read" it in my UA,
it is "rendered" (using whatever software, tasks, and even remote systems are
needed) for me and displayed or played or whatever. I don't look inside of it
to see what it's made of. I simply say "read" and it is "read" for/to me.

Another category of object is something that I use, but I may have to look at
it and in general "do something that requires intelligence" with it first.
It simply cannot be rendered for me without my assistance.

I claim that PostScript is usually in the former category whereas TeX rarely
is. 

The manifesto we're operating from says we're doing multimedia mail. That's
great. I read this as emphasizing the former category and saying the latter
category can come a little later (we can't put it off indefinitely but we don't
necessarily need to have it in RFC-XXXX). To the extent that PostScript
is in the former category we must deal with it now. To the extent that TeX
is in the latter category we can choose to deal with it later.

The security implications for the first category are much greater as well.
Since we assume we can simply render it automatically and we don't subject it
to any analysis outside of what we specify here, we'd better be careful to make
sure we don't leave any loopholes. On the other hand, the second category of
stuff doesn't have the same "automatic" flavor, and we can be somewhat more
lenient in how we deal with it. On the other hand, our warnings will be more
severe (caveat user). (C programs are in the second category. Care to try to
write a "Trojan Horse Detector" for C?)

I never intended to imply anything about stand-alone applications versus
monolithic. I happen to use an environment where I can have it either way --
I have multitasking and shared libraries. The choice of approaches to this
is complex and heavily dependent on environment, as you said. I would never
claim otherwise.

                                Ned