- From: Dan Connolly <[email protected]>
- Date: 02 Dec 2002 16:02:51 -0600
- To: [email protected]
A thought on binary XML before I forget...
Here's a conversation I see repeated about
every 6 months:
A: XML is too verbose for low-bandwidth environments
B: so compress it
A: but we don't want to spend the battery/cpu/RAM
to uncompress it; we just want a binary
datastructure of the parse tree
B: oh bother. Go ahead, but don't ask
the XML community to endorse it.
and it often stops there, at a stalemate.
It occured to me while brushing my teeth
or something that what B should have said is:
B: is this datastructure for use between
mutually distrustful parties? e.g.
arbitrary clients and servers in the Internet?
A: well, our application is just between
our wireless towers and handsets, which
trust each other.
B: well, what you do in the privacy of
your own home/trusted-net is your business.
If this isn't about interoperability
between arbitrary parties in the net/web,
then you really don't need our endorsement,
do you?
A: well, surely there are other applications
of this technology that involve
interoperability between distrustful
parties.
B: well, then the client has to bytecode-verify
the datastructure on receipt. is that
really much less work than ungzipping
and/or XML parsing?
A: it sure seems like a lot less work.
B: well, after >10 years, security bugs
in sunRPC unmarshalling code are still
being found. Are you sure?
Subject: NetBSD Security Advisory 2002-011: Sun RPC XDR decoder contains
buffer overflow
Date: Tue, 17 Sep 2002 17:53:15 -0700
http://www.mail-archive.com/[email protected]/msg09084.html
A: hm... maybe you're right that when
you need to cross trust boundaries,
you might as well use XML
or gzip'd XML.
--
Dan Connolly, W3C http://www.w3.org/People/Connolly/
Received on Monday, 2 December 2002 17:02:37 UTC