binaryXML, marshalling, and and trust boundaries

A thought on binary XML before I forget...

Here's a conversation I see repeated about
every 6 months:

A: XML is too verbose for low-bandwidth environments

B: so compress it

A: but we don't want to spend the battery/cpu/RAM
 to uncompress it; we just want a binary
 datastructure of the parse tree

B: oh bother. Go ahead, but don't ask
 the XML community to endorse it.

and it often stops there, at a stalemate.

It occured to me while brushing my teeth
or something that what B should have said is:

B: is this datastructure for use between
   mutually distrustful parties? e.g.
   arbitrary clients and servers in the Internet?

A: well, our application is just between
   our wireless towers and handsets, which
   trust each other.

B: well, what you do in the privacy of
   your own home/trusted-net is your business.
   If this isn't about interoperability
   between arbitrary parties in the net/web,
   then you really don't need our endorsement,
   do you?

A: well, surely there are other applications
   of this technology that involve
   interoperability between distrustful

B: well, then the client has to bytecode-verify
   the datastructure on receipt. is that
   really much less work than ungzipping
   and/or XML parsing?

A: it sure seems like a lot less work.

B: well, after >10 years, security bugs
   in sunRPC unmarshalling code are still
   being found. Are you sure?

Subject: NetBSD Security Advisory 2002-011: Sun RPC XDR decoder contains
buffer overflow
Date: Tue, 17 Sep 2002 17:53:15 -0700

A: hm... maybe you're right that when
   you need to cross trust boundaries,
   you might as well use XML
   or gzip'd XML.

Dan Connolly, W3C

Received on Monday, 2 December 2002 17:02:37 UTC