- From: Tom Hillman <tom@expertml.com>
- Date: Fri, 24 Jan 2025 17:39:49 +0000
- To: Bethan Tovey-Walsh <bytheway@linguacelta.com>, Steven Pemberton <steven.pemberton@cwi.nl>
- Cc: ixml <public-ixml@w3.org>
- Message-ID: <422722ac-d98c-4bbf-9ba6-9edd838d33fa@Spark>
I withdraw any objection to replacing “should” with “must”; I don’t remember the reasoning either, so it’s unlikely to be important. _________________ Tomos Hillman +44 7793 242058 On 24 Jan 2025 at 2:18 PM +0000, Steven Pemberton <steven.pemberton@cwi.nl>, wrote: > > Patterson suggests that regular or deterministic context-free languages are the only securable input languages. iXML therefore already fails to satisfy her requirements, since it’s non-deterministic. > > I would disagree with that characterisation. ixml is deterministic. However, it does allow you to process languages that are non-deterministic, as it must, and should, since some people design such languages. > > Also rightly, ixml warns you if you design a language that turns out to be ambiguous, because you should avoid that. > > > I think (and better minds may correct me) that implementers might therefore improve the security of iXML if they could provide a “reject ambiguity” mode. This would mean that parsing an input with a grammar would fail if the parse is ambiguous, instead of returning one of the possible parses. > > This is not ixml's fault, and I would be against requiring ixml to fail in that case. On the other hand, I feel that the requirement expressed in the spec as "the resulting serialization should include the attribute ixml:state on the document element with a value that includes the word ambiguous. ", ought to be a *must* not a *should*, but we made it a should as a compromise, at Tom Hillman's request, though I don't remember the reasoning any more. I still think it's a bad idea. > > Steven > > > This wouldn’t be enough to make iXML deterministic, of course, since there’s still no guaranteed way to decide whether a given grammar is ambiguous. But it would, at least, prevent the use of ambiguous grammars if and when their ambiguity is exposed by the processor. > > > > Regarding pragmas, I think Patterson’s work suggests we should give users a guardrail, so that they can ensure that pragmas aren’t going to affect their use of iXML in unexpected ways. This would, I think, involve simply requiring in the spec that all iXML processors permit users to disable pragmas. Users could then permit the use of arbitrary iXML grammars as inputs, and know that they will be treated as though they contained no pragmas at all. > > > > If anyone’s interested in Patterson’s work, but isn’t a fan of videos, this paper covers some of the same content: https://digitalcommons.dartmouth.edu/cgi/viewcontent.cgi?article=1337&context=cs_tr > > > > BTW > > > > > > **************************************************** > > Dr. Bethan Tovey-Walsh > > linguacelta.com > > Golygydd | Editor geirfan.cymru > > Croeso i chi ysgrifennu ataf yn y Gymraeg > > > > > On 15 Jan 2025, at 11:48, Steven Pemberton <steven.pemberton@cwi.nl> wrote: > > > > > > I was recommended this talk, and I think it exposes some of the issues on pragmas. > > > > > > The talk is 38 minutes long. > > > > > > https://media.ccc.de/v/28c3-4763-en-the_science_of_insecurity > > > > > > Steven > > >
Received on Friday, 24 January 2025 17:40:21 UTC