[rfc-i] Proposal for v3 to simplify most references
paul.hoffman at vpnc.org
Mon Feb 10 09:03:57 PST 2014
On Feb 10, 2014, at 8:56 AM, Nico Williams <nico at cryptonector.com> wrote:
> On Mon, Feb 10, 2014 at 10:52 AM, John R Levine <johnl at taugh.com> wrote:
>>>>> <library name="RFC-Editor"/>
>>>>> <library name="my-lib" ref="URI to my reference library">
>> I'm not at all thrilled by a feature that lets random people who submit I-Ds
>> put in active code that makes xml2rfc fetch random posssibly hostile URLs.
>> Kaboom. It doesn't have to make xml2rfc do anything particularly evil, just
>> making it crash or hang (imagine a hostile URL that trickles the bytes out
>> very slowly) would screw up a lot of automated scripts.
> That's there now via XML entities. Perhaps the submission system
> should reject I-Ds whose XML references anything other than the
> RFC-Editor's standard reference library. A mode of xml2rfc will be
> needed where it replaces external library references by in-lining
> them. In any case, there's no reason not to permit private reference
> libraries though (particularly considering the private memo feature).
There is no need to reject, but a warning or hint that they could simplify might be in order. The RFC Editor will do the change during the RFC preparation process, just like they do now.
More information about the rfc-interest