Douglas Otis <dotis at mail dash abuse dot org> wrote:
... The concern related to the use of the Word input format, which > has changed in 97, 00, 02, 03, 07, and is likely again in 10, remains > that of security. Changes are not always apparent, and even format > documentation can not be relied upon when details related to active > components are ill defined. The security concern is in regard to the > embedded program language, especially when the program is to be relied > upon as the means to generate IETF compliant outputs. The Internet is > not a safe place, where a practice of embedding programs that can > cause harm into what could have been innocuous text should be > considered a bad practice. Currently, collaboration between > individuals might be accomplished by sharing xml2rfc input files, > which are also retained with the plain text RFC output. Reliance > upon Word input files as a replacement for xml2rfc files will > invariably lead to a bad practice of depending upon potentially > harmful embedded programs.
OK, I've had just about enough of this fearmongering. Why on Earth would someone use Visual Basic within Word to write a utility to convert Microsoft Word ***XML*** documents to an IETF-acceptable format, when there are much better tools for processing XML? Why would someone not specifically write such a utility to ignore or reject any Word document containing executable code? Are we that stupid? Based on the logic I am reading here, I should stop writing code in Visual Studio because it could be used to create a worm or virus, should stop turning on my computer because the box could be used to beat someone over the head, should stop driving my car to work in the morning because someone could crash it into a preschool. We shouldn't try to stop people from using every tool that could potentially, theoretically, be misused or used intentionally for evil. I use Word almost every day and I haven't encountered a macro virus for years, probably because I don't open e-mail attachments from unknown senders and don't visit MySpaceCoolAddOns.com, and have also learned to walk upright. I don't plan to respond further to this thread because it is obviously going nowhere. This, on the other hand, from Iljitsch van Beijnum <iljitsch at muada dot com>:
This solves the problem that converting anything else into XML2RFC a > reverse lossy process: XML2RFC needs more than what other formats can > supply so automatic conversion (from, for instance, Word) is > impossible.
is a genuinely useful and productive counterargument against the whole "word2rfc" concept. --Doug Ewell * Thornton, Colorado, USA * RFC 4645 * UTN #14http://www.ewellic.orghttp://www1.ietf.org/html.charters/ltru-charter.htmlhttp://www.alvestrand.no/mailman/listinfo/ietf-languages ˆ _______________________________________________Ietf mailing listIetf@xxxxxxxxxxxxx://www.ietf.org/mailman/listinfo/ietf