Tony Finch wrote:
The latest RISKS gibes an example of the magnitude of the problem of
unwanted traffic caused by using URLs instead of URNs for protocol
identification URIs. Perhaps the security considerations section of the
draft should describe some ways of mitigating it?
I think this is a misunderstanding.
The URI of a DTD is needed to fetch the DTD. The W3C suffers from
clients that refetch the DTD all the time.
Contrary to that, XML processors do not resolve namespace URIs, they are
purely used as identifiers.
IETF mailing list