- From: Jeremy Carroll <jjc@hplb.hpl.hp.com>
- Date: Fri, 03 Oct 2003 10:19:26 +0100
- To: Francois Yergeau <FYergeau@alis.com>
- Cc: "'Brian McBride'" <bwm@hplb.hpl.hp.com>, w3c-i18n-ig@w3.org, w3c-rdfcore-wg@w3.org
I personalise sympathise with this - there are potential SW frauds that could be executed using non-normalized text. Jeremy Francois Yergeau wrote: > Brian McBride wrote: > >>I wonder if we might look at it this way. Lets be careful who we are >>talking to with these two statements. I suggest they are >>targetted at different audiences, and are compatible. >> > > There's a more abstract notion behind the statements: un-normalized data is > evil. It has serious interop and security implications. > > Analogy: stealing is evil. > > >>When we say literal strings SHOULD be in NFC we are speaking >>to creators >>of RDF data saying you SHOULD create RDF literal strings that >>are in NFC >>(but MAY NOT, if "the full implications must be understood >>and carefully weighed). >> > > We tell visitors to a store: "Thou shalt not steal". > > >>When we say that implementations SHOULD accept literal >>strings that are >>not in NFC we are talking to implementors who can rely on the >>creators >>of the RDF that is not in NFC to have made a sensible choice, but who >>MAY refuse to process it if they think they know better. >> > > Does the store owner tell his employees to trust all visitors, even those > who appear to go out with stuff they haven't paid. I think not. > > >>Does that fly? >> > > I'm afraid not. Early-normalization cannot work without verification. > Therefore SHOULD check and SHOULD NOT accept un-normalized text. You may > have valid reasons to trust the sender, OK, we have SHOULDs and we even have > specific language about "certified text" in Charmod. But the basic idea is > it's evil, don't do it and catch it when you can. > >
Received on Friday, 3 October 2003 05:20:52 UTC