At 18:58 01/02/2004, Chuq Von Rospach wrote:
No, but the point is, XML is a way to distribute that information in a way
that is unambiguous (you can't mistake a header for a body, you can't
mistake a subject line with a from line
Assuming it's well formed XML.. Oh, the same can be said about RFC822 headers..
and processing those headers. Plus, there are zillions of tools that can
be used to generate, read and process XML
Lots can read DBF files - why not use those?
Because this assumes you have access to libraries which work on your
system which support parsing/creating XML.
as opposed to access to custom libraries that only exist/work for email-ng?
I could write a complex XML parser, or I could write a simple line based
parser. I know which I'd prefer..
Yes, RFC822 headers are a bit of a mess, that doesn't mean that a new line
based protocol would have to be:
Subject: This is my nice subject\nwith some line breaks in it
From: myname(_at_)company(_dot_)com, My Name
To: "Bill(_at_)microsoft(_dot_)com", "Bill Gates"
To: "elvis(_at_)presley(_dot_)org", "Elvis \"the king\" Presley"
etc
Let's assume you're writing a mailing system for a hardware device with a
limited amount of RAM & ROM, and you only have assembler and C (if you're
lucky) to use, would you still want XML?
so you write a mini-XML parser specifically aimed at what you need to
handle this task.
And then someone sends something you'd not seen before and trashes it.
Don't assume that everything has the power of a modern mobile phone. Simple
mailing needs to be possible with a minimum of complexity - that's one of
the reasons SMTP became popular when other systems didn't.
No, don't have certificates. They either need to be signed by a few
agencies or they can be easily forged. They also add complexity.
If I hand you my driver's license, does that prove I'm not an axe
murderer? No, it only means you know who the name of your killer was,
assuming it's not a fake. and you won't be talking...
Exactly, that's my point. It's a certificate, it's useless. If you said,
'take a blood sample, ring the 'DNA registry' number you can find in the
phone directory and check I'm who I say I am', then I'd be more sure of
what's going on.
well, no, it's not worthless -- if you call up the agency to validate that
the ID is valid.
BOTH the blood sample and the driver's license are equal authenticators;
it's the validating agency you bring in that's the key.
Yes. So, you need a registry like Verisign if you're going to have
certificates with a "reliable" validating agency.... You can't tell me who
to call, I have to decide who to call on my own, otherwise I could just be
calling your accomplice.
(Alternatively you could use a "free", pre-existing, registry such as the
DNS system..)
Yes, but I think authentication is relatively possible, central
authorization isn't, without a big registry, local authorization is quite
straightforward once you have reliable authentication.
Central authorization isn't reliable or particularly wanted -- but once
you have authentication, you can start building your own repository of
authentications, and that's the point.
That's what I was trying to say.
Paul VPOP3 - Internet Email Server/Gateway
support(_at_)pscs(_dot_)co(_dot_)uk http://www.pscs.co.uk/