Re: Proposed Resolution to PROT I-D Issues List

[Wes Hardaker <wjhns1@hardakers.net>]

>>>>> On Fri, 18 Mar 2005 09:03:01 -0800, "Steven Berl (sberl)" <sberl@cisco.com> said:

Steven> Are you saying that we have a formal language description of
Steven> the syntax of the protocol messages, but that is there just
Steven> for information?

My only intent was to state that it hasn't been proven to be perfect,
and thus implementers should not rely on it as a check that an
incoming packet is indeed perfect.

The problem I've seen with XML applications is that many of them pass
an incoming packet to a validator (which is merely validating the XML,
not the data within) and then doesn't implement its own sanity error
checking afterward.  Thus, I've actually seen many security problems
in XML applications because they assume that the packet contains
everything it needs in the exact form it needs when in fact it may
not.

Andy is right, however, that an XSD probably couldn't be written which
meet every implementations requirements.

If you're going to make it normative, I don't think it should go into
the appendix as it is currently.  (If memory serves, appendices in
RFCs are supposed to be normative).

-- 
"In the bathtub of history the truth is harder to hold than the soap,
 and much more difficult to find."  -- Terry Pratchett

--
to unsubscribe send a message to netconf-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/netconf/>