[sc34wg3] <mergeMap/> and security

Lars Marius Garshol larsga at ontopia.net
Fri Apr 21 04:07:44 EDT 2006


* Robert Barta
>
> True, but the insidiousness of the attack is that - once the attacker
> has analyzed the merging procedure of a particular software - the
> recipient has very high computational costs.
>
> You can protect yourself from it by limiting the size of the
> interchanged fragment, though.

Yes, and by restricting who can add fragments to your topic map.

I think the conclusion to this debate is that the somewhat rough and  
ragged consensus is that while there are security concerns attached  
to the <mergeMap/> element, they are not strong enough to warrant  
leaving it out.

--
Lars Marius Garshol, Ontopian               http://www.ontopia.net
+47 98 21 55 50                             http://www.garshol.priv.no



