Tim Bray wrote:
On Sun, Mar 2, 2008 at 3:23 PM, Ned Freed
<ned(_dot_)freed(_at_)mrochek(_dot_)com> wrote:
> Contrary to that, XML processors do not resolve namespace URIs, they are
> purely used as identifiers.
That's certainly how things are supposed to work. It may or may not be
how they
actually work.
I agree with Ned that the Security considerations or some other piece
of the doc should explicitly cover this issue. -Tim
In the meantime, one could ask the W3C whether they see a lot of traffic
on popular namespace URIs, such as XHTML, XSLT or Atom.
By all means do so if you want, but IMO it's a waste of time. It's like that
cautionary line finance folks use: Past performance is not a reliable
indication of future results. Just because someone group of implementors got it
right (or wrong) in the past doesn't mean the next group won't get it wrong (or
right) this time. What such a query is effectively trying to do is to prove a
negative. Good luck with that.
Again, the bottom line is that the potential for a screwup is there and past
experience tells us that the potential is sometimes, um, exploited, sometimes
not. And that's more than sufficient to warrant discussion of the issue in the
document.
Ned
_______________________________________________
IETF mailing list
IETF(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf