[security-request] Issue: RDF Dataset Canonicalization 2023-06-09 (#56) marked as REVIEW REQUESTED from Phil Archer via GitHub on 2023-06-09 (public-web-security@w3.org from June 2023)

From: Phil Archer via GitHub <sysbot+gh@w3.org>
Date: Fri, 09 Jun 2023 16:13:19 +0000
To: public-web-security@w3.org
Message-ID: <issues.labeled-1750163426-1686327197-sysbot+gh@w3.org>

philarcher has just labeled an issue for https://github.com/w3c/security-request as "REVIEW REQUESTED":

== RDF Dataset Canonicalization 2023-06-09 ==
We have conducted a self-review of our spec [RDF Dataset Canonicalization](https://www.w3.org/TR/2023/WD-rdf-canon-20230609/)  and the results can be found at https://github.com/w3c/rdf-canon/issues/70

Please check our findings.

- Do you need a reply by a particular date?
- No but we are hoping to go to CR in July or August (i.e. *before* TPAC)


Other comments:
This is a data processing algorithm rather than an interaction specification and so the nature of the input data is what determines whether security is or isn't a risk. We have highlighted the danger of 'dataset poisoning' - i.e. attempting to overload or crash the process by using a dataset that has certain features. Implementations can spot this danger and abort the process.

See https://github.com/w3c/security-request/issues/56


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Friday, 9 June 2023 16:13:21 UTC