[rfc-i] Proposal for v3 to simplify most references

Paul Hoffman paul.hoffman at vpnc.org
Mon Feb 10 09:03:57 PST 2014


On Feb 10, 2014, at 8:56 AM, Nico Williams <nico at cryptonector.com> wrote:

> On Mon, Feb 10, 2014 at 10:52 AM, John R Levine <johnl at taugh.com> wrote:
>>>>>   <library name="RFC-Editor"/>
>>>>>   <library name="my-lib" ref="URI to my reference library">
>> 
>> I'm not at all thrilled by a feature that lets random people who submit I-Ds
>> put in active code that makes xml2rfc fetch random posssibly hostile URLs.
>> Kaboom.  It doesn't have to make xml2rfc do anything particularly evil, just
>> making it crash or hang (imagine a hostile URL that trickles the bytes out
>> very slowly) would screw up a lot of automated scripts.
> 
> That's there now via XML entities.  Perhaps the submission system
> should reject I-Ds whose XML references anything other than the
> RFC-Editor's standard reference library.  A mode of xml2rfc will be
> needed where it replaces external library references by in-lining
> them.  In any case, there's no reason not to permit private reference
> libraries though (particularly considering the private memo feature).

There is no need to reject, but a warning or hint that they could simplify might be in order. The RFC Editor will do the change during the RFC preparation process, just like they do now.

--Paul Hoffman


More information about the rfc-interest mailing list