> Tim Bray wrote:
> > On Sun, Mar 2, 2008 at 3:23 PM, Ned Freed <ned.freed@xxxxxxxxxxx> wrote:
> >> > Contrary to that, XML processors do not resolve namespace URIs, they are
> >> > purely used as identifiers.
> >>
> >> That's certainly how things are supposed to work. It may or may not be how they
> >> actually work.
> >
> > I agree with Ned that the Security considerations or some other piece
> > of the doc should explicitly cover this issue. -Tim

> In the meantime, one could ask the W3C whether they see a lot of traffic
> on popular namespace URIs, such as XHTML, XSLT or Atom.

By all means do so if you want, but IMO it's a waste of time. It's like that
cautionary line finance folks use: Past performance is not a reliable
indication of future results. Just because some group of implementors got it
right (or wrong) in the past doesn't mean the next group won't get it wrong (or
right) this time.

What such a query is effectively trying to do is to prove a negative. Good luck
with that.

Again, the bottom line is that the potential for a screwup is there and past
experience tells us that the potential is sometimes, um, exploited, sometimes
not. And that's more than sufficient to warrant discussion of the issue in the
document.

Ned
_______________________________________________
IETF mailing list
IETF@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf
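
The concern in this thread, that a given XML processor may or may not treat namespace URIs purely as identifiers, can be checked per implementation with a regression test. The following is an added example, not part of the original message: it runs a processor under a tripwire that records and refuses any DNS lookup or connect made through Python's `socket` module. The names `network_tripwire`, `network_attempts`, `identifier_only` and `dereferencing` are hypothetical, the sample document is constructed, and the check assumes the processor under test does its networking through Python's `socket` module.

```python
import socket
import xml.etree.ElementTree as ET
from contextlib import contextmanager
from unittest import mock
from urllib.parse import urlsplit

# Constructed sample; the namespace URI uses the reserved .invalid TLD.
NS_URI = "http://ns.example.invalid/feed"
SAMPLE = f'<feed xmlns="{NS_URI}"><title>demo</title></feed>'

@contextmanager
def network_tripwire():
    """Record and refuse every DNS lookup or connect made via Python's socket module."""
    attempts = []

    def deny_lookup(host, *args, **kwargs):
        attempts.append(("resolve", host))
        raise OSError("blocked by tripwire")

    def deny_connect(sock, address):
        attempts.append(("connect", address))
        raise OSError("blocked by tripwire")

    with mock.patch.object(socket, "getaddrinfo", deny_lookup), \
         mock.patch.object(socket.socket, "connect", deny_connect):
        yield attempts

def network_attempts(processor, document):
    """Run processor(document) under the tripwire and return what it tried to reach."""
    with network_tripwire() as attempts:
        processor(document)
    return attempts

def identifier_only(document):
    """Expected behaviour: the namespace URI is just part of the element name."""
    return ET.fromstring(document).tag

def dereferencing(document):
    """Hypothetical faulty processor that tries to fetch the namespace URI."""
    tag = ET.fromstring(document).tag
    host = urlsplit(tag[1:].split("}")[0]).hostname
    try:
        socket.create_connection((host, 80), timeout=1)
    except OSError:
        pass  # the tripwire (or a real network failure) stops the fetch
    return tag

if __name__ == "__main__":
    print(network_attempts(identifier_only, SAMPLE))
    print(network_attempts(dereferencing, SAMPLE))
```

An empty list from `network_attempts` means the processor made no lookup for the namespace host while parsing; any entry names the host it tried to reach.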