In <x4ise090r2(_dot_)fsf_-_(_at_)footbone(_dot_)midwestcs(_dot_)com> wayne
<wayne(_at_)midwestcs(_dot_)com> writes:
In
<1086793209(_dot_)27362(_dot_)30(_dot_)camel(_at_)betelgeuse(_dot_)theinternetco(_dot_)net>
Aredridel <aredridel(_at_)nbtsc(_dot_)org> writes:
If you want to avoid
a full XML parser, a minimal subset for the spec will do a lot, [...]
NO!
NO!
NO!
Geez, how many times does this have to be pointed out?
Ya know, after I wrote this, I realized that this is a very real
problem for XML. *Lots* of people have made the assumption that you
can do tiny, ad-hoc XML parsers for Caller-ID/SPF-ID. XML parsers are
so large and so full of potential abuses from malicious MARID email
policies, that there will be a lot of people who will think they are
"playing it safe" by using a minimal subset of the XML spec.
If even a small fraction of the implementations use XML parsers that
fail if you step away from what they expect to find, we will end up
with a situation very much like DNS over TCP. Sure, in *theory* you
can use it, but in practice you can't.
The XML format may well end being *less* extendable in practice than
the SPF format.
-wayne