RE: draft-wilde-text-fragment-01 (was: Including 'fragment identifier semantics' ...) from Paul Cotton on 2002-09-06 (www-tag@w3.org from September 2002)

From: Paul Cotton <pcotton@microsoft.com>
Date: Fri, 6 Sep 2002 12:13:17 -0400
To: "David Hopwood" <david.hopwood@zetnet.co.uk>
Cc: <ietf-types@iana.org>, <uri@w3.org>, <www-tag@w3.org>
Message-ID: <E7AC4500EAB7A442ABA7521D18814397032F9EF5@tor-msg-01.northamerica.corp.microsoft>

>to justify the risk of security flaws in parsing regular expressions

Can you give a reference for this risk or a short summary?

/paulc

Paul Cotton, Microsoft Canada 
17 Eleanor Drive, Nepean, Ontario K2E 6A3 
Tel: (613) 225-5445 Fax: (425) 936-7329 
<mailto:pcotton@microsoft.com> 


> -----Original Message-----
> From: David Hopwood [mailto:david.hopwood@zetnet.co.uk]
> Sent: Thursday, September 05, 2002 3:28 PM
> To: ietf-types@iana.org; uri@w3.org; www-tag@w3.org
> Subject: draft-wilde-text-fragment-01 (was: Including 'fragment
identifier
> semantics' ...)
> 
> 
> 
> 
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> Dan Kohn wrote:
> > It would also be worth noting and/or commenting on this draft:
> >
> > http://www.ietf.org/internet-drafts/draft-wilde-text-fragment-01
> 
> Yuch. This is overcomplicated and not sufficiently useful to justify
the
> risk of security flaws in parsing regular expressions. There's a good
> case for supporting a simple "#<line-number>" syntax for text/plain,
but
> nothing more IMHO.
> 
> - --
> David Hopwood <david.hopwood@zetnet.co.uk>
> 
> Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/
> RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5  0F 69 8C D4 FA 66
15 01
> Nothing in this message is intended to be legally binding. If I revoke
a
> public key but refuse to specify why, it is because the private key
has
> been
> seized under the Regulation of Investigatory Powers Act; see
> www.fipr.org/rip
> 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.3i
> Charset: noconv
> 
> iQEVAwUBPXe8zTkCAxeYt5gVAQEzLgf/VxDz2nCDGIg3dfiIG1BBWydszNQhEpeM
> jrZvcsSgoc5DnQkpI+BjDNXFd3JaXSw25JBdxeqgTWxN3p+WSFsuOQTiUZekoac+
> RIPZ0vtxvwsmeJ33Bb5k7VKS/dk61N+sgm+acGc5zUvFv3D+4aPcd9zTIFQTvaed
> qqwcEdQG4MYVLy9/mENAkxTH2I3C9K4IuoPDwQzho0YJ6wzB7qfEEa3qo3upw49G
> 83TZUInTfGz8UyDYOU7Iua/ICiMSUjpzTfo8vjndpBpD9iLvYrSXYFzulO2iMDJT
> QpBfBl99PVnU25DXuxFuA2Fs1z7Yuk4MVsIMIinZUCQEoQfzQQ99JQ==
> =+j0H
> -----END PGP SIGNATURE-----

Received on Friday, 6 September 2002 12:13:50 UTC