- From: Paul Cotton <pcotton@microsoft.com>
- Date: Fri, 6 Sep 2002 12:13:17 -0400
- To: "David Hopwood" <david.hopwood@zetnet.co.uk>
- Cc: <ietf-types@iana.org>, <uri@w3.org>, <www-tag@w3.org>
>to justify the risk of security flaws in parsing regular expressions Can you give a reference for this risk or a short summary? /paulc Paul Cotton, Microsoft Canada 17 Eleanor Drive, Nepean, Ontario K2E 6A3 Tel: (613) 225-5445 Fax: (425) 936-7329 <mailto:pcotton@microsoft.com> > -----Original Message----- > From: David Hopwood [mailto:david.hopwood@zetnet.co.uk] > Sent: Thursday, September 05, 2002 3:28 PM > To: ietf-types@iana.org; uri@w3.org; www-tag@w3.org > Subject: draft-wilde-text-fragment-01 (was: Including 'fragment identifier > semantics' ...) > > > > > > -----BEGIN PGP SIGNED MESSAGE----- > > Dan Kohn wrote: > > It would also be worth noting and/or commenting on this draft: > > > > http://www.ietf.org/internet-drafts/draft-wilde-text-fragment-01 > > Yuch. This is overcomplicated and not sufficiently useful to justify the > risk of security flaws in parsing regular expressions. There's a good > case for supporting a simple "#<line-number>" syntax for text/plain, but > nothing more IMHO. > > - -- > David Hopwood <david.hopwood@zetnet.co.uk> > > Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/ > RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5 0F 69 8C D4 FA 66 15 01 > Nothing in this message is intended to be legally binding. If I revoke a > public key but refuse to specify why, it is because the private key has > been > seized under the Regulation of Investigatory Powers Act; see > www.fipr.org/rip > > > -----BEGIN PGP SIGNATURE----- > Version: 2.6.3i > Charset: noconv > > iQEVAwUBPXe8zTkCAxeYt5gVAQEzLgf/VxDz2nCDGIg3dfiIG1BBWydszNQhEpeM > jrZvcsSgoc5DnQkpI+BjDNXFd3JaXSw25JBdxeqgTWxN3p+WSFsuOQTiUZekoac+ > RIPZ0vtxvwsmeJ33Bb5k7VKS/dk61N+sgm+acGc5zUvFv3D+4aPcd9zTIFQTvaed > qqwcEdQG4MYVLy9/mENAkxTH2I3C9K4IuoPDwQzho0YJ6wzB7qfEEa3qo3upw49G > 83TZUInTfGz8UyDYOU7Iua/ICiMSUjpzTfo8vjndpBpD9iLvYrSXYFzulO2iMDJT > QpBfBl99PVnU25DXuxFuA2Fs1z7Yuk4MVsIMIinZUCQEoQfzQQ99JQ== > =+j0H > -----END PGP SIGNATURE-----
Received on Friday, 6 September 2002 12:13:50 UTC