The latest RISKS gibes an example of the magnitude of the problem of
unwanted traffic caused by using URLs instead of URNs for protocol
identification URIs. Perhaps the security considerations section of the
draft should describe some ways of mitigating it?
http://catless.ncl.ac.uk/Risks/25.07.htm
Tony Finch wrote:
> The latest RISKS gibes an example of the magnitude of the problem of
> unwanted traffic caused by using URLs instead of URNs for protocol
> identification URIs. Perhaps the security considerations section of the
> draft should describe some ways of mitigating it?
>
> http://cat
> Tony Finch wrote:
> > The latest RISKS gibes an example of the magnitude of the problem of
> > unwanted traffic caused by using URLs instead of URNs for protocol
> > identification URIs. Perhaps the security considerations section of the
> > draft should describe some ways of mitigating it?
> >
>
On Sun, Mar 2, 2008 at 3:23 PM, Ned Freed <[EMAIL PROTECTED]> wrote:
> > Contrary to that, XML processors do not resolve namespace URIs, they are
> > purely used as identifiers.
>
> That's certainly how things are supposed to work. It may or may not be how
> they
> actually work.
I agree with
Tim Bray wrote:
> On Sun, Mar 2, 2008 at 3:23 PM, Ned Freed <[EMAIL PROTECTED]> wrote:
>> > Contrary to that, XML processors do not resolve namespace URIs, they are
>> > purely used as identifiers.
>>
>> That's certainly how things are supposed to work. It may or may not be how
>> they
>> actu
On Sun, Mar 02, 2008 at 08:50:58PM +,
Tony Finch <[EMAIL PROTECTED]> wrote
a message of 16 lines which said:
> The latest RISKS gibes an example
The actual original reference is:
http://www.w3.org/blog/systeam/2008/02/08/w3c_s_excessive_dtd_traffic
> Perhaps the security considerations
> Tim Bray wrote:
> > On Sun, Mar 2, 2008 at 3:23 PM, Ned Freed <[EMAIL PROTECTED]> wrote:
> >> > Contrary to that, XML processors do not resolve namespace URIs, they are
> >> > purely used as identifiers.
> >>
> >> That's certainly how things are supposed to work. It may or may not be
> >> how
Ned Freed wrote:
> By all means do so if you want, but IMO it's a waste of time. It's like
> that
> cautionary line finance folks use: Past performance is not a reliable
> indication of future results. Just because someone group of implementors
> got it
> right (or wrong) in the past doesn't mean
Stephane Bortzmeyer wrote:
> ...
> Yes. I suggest (continuing the first paragraph of section 7):
>
> On the client side, implementors MUST use the existing solutions to
> limit the rate of access to the origin server. They include:
>
> * ability to use HTTP caching ([RFC 2616], section 13)
> * lo
On Mon, Mar 03, 2008 at 05:00:54PM +0100,
Julian Reschke <[EMAIL PROTECTED]> wrote
a message of 21 lines which said:
> Hm, we are talking about XML namespace names, not DTD URIs.
I do not see the difference. XML catalogs, for instance, are also
explicitely made for XML namespace names.
But,
- Original Message -
From: "Julian Reschke" <[EMAIL PROTECTED]>
To: "Stephane Bortzmeyer" <[EMAIL PROTECTED]>
Cc: "Tony Finch" <[EMAIL PROTECTED]>;
Sent: Monday, March 03, 2008 5:00 PM
Subject: Re: draft-duerst-iana-namespace-00.txt
> St
Tom.Petch wrote:
>> Hm, we are talking about XML namespace names, not DTD URIs.
>>
>> XML processors are not supposed to resolve them, so it seems strange to
>> insert requirements for clients that do so.
>>
> Welcome as this is, why is this I-D limited to XML namespace names? What
> about
> XML
Julian Reschke wrote:
> Pardon my ignorance, but what is an XML Schema name?
No pardon, but a guess s/name/location/ as in:
xmlns:use="http://www.w3.org/2001/XMLSchema-instance";
use:schemaLocation="http://www.sitemaps.org/schemas/sitemap/0.9
http://www.sitemaps.org/schemas/sitemap/0.9/sitei
- Original Message -
From: "Julian Reschke" <[EMAIL PROTECTED]>
To: "Tom.Petch" <[EMAIL PROTECTED]>
Cc: "Stephane Bortzmeyer" <[EMAIL PROTECTED]>; "ietf"
Sent: Tuesday, March 04, 2008 6:16 PM
Subject: Re: draft-duerst-iana-nam
Tom.Petch wrote:
>> Pardon my ignorance, but what is an XML Schema name? I
>>
>
> As defined in RFC3688, which sets up namespaces for
> XML namespaces
> XML schema
> XML rdfschema
> XML publicid
> all using the URI scheme urn:
OK.
The registries for rdfschema is unused, the one for publicid
> Ned Freed wrote:
> > By all means do so if you want, but IMO it's a waste of time. It's like
> > that
> > cautionary line finance folks use: Past performance is not a reliable
> > indication of future results. Just because someone group of implementors
> > got it
> > right (or wrong) in the past
Julian Reschke wrote:
> The registries for rdfschema is unused, the one for publicid only
> contains a single entry for a legacy (1997) version of HTML.
In theory the RFC 2629 DTD should be added. In practice a bad
idea, because this DTD is still a moving target. The CharmapML
DTDs could be c
17 matches
Mail list logo
