From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: William ML Leslie Newsgroups: gmane.lisp.guile.devel Subject: Re: Verifying Toolchain Semantics Date: Fri, 3 Oct 2014 17:15:56 +1000 Message-ID: References: <87mw9dfz8l.fsf@netris.org> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: multipart/alternative; boundary=001a11c168b217450e05047f813a X-Trace: ger.gmane.org 1412320576 31048 80.91.229.3 (3 Oct 2014 07:16:16 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Fri, 3 Oct 2014 07:16:16 +0000 (UTC) To: guile-devel Original-X-From: guile-devel-bounces+guile-devel=m.gmane.org@gnu.org Fri Oct 03 09:16:08 2014 Return-path: Envelope-to: guile-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1XZx5x-0002aQ-IQ for guile-devel@m.gmane.org; Fri, 03 Oct 2014 09:16:05 +0200 Original-Received: from localhost ([::1]:38235 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XZx5w-0003fL-Tz for guile-devel@m.gmane.org; Fri, 03 Oct 2014 03:16:04 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:55037) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XZx5q-0003fD-Sd for guile-devel@gnu.org; Fri, 03 Oct 2014 03:16:00 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1XZx5p-0007AP-JD for guile-devel@gnu.org; Fri, 03 Oct 2014 03:15:58 -0400 Original-Received: from mail-qa0-x22a.google.com ([2607:f8b0:400d:c00::22a]:59777) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XZx5p-00079t-FK for guile-devel@gnu.org; Fri, 03 Oct 2014 03:15:57 -0400 Original-Received: by mail-qa0-f42.google.com with SMTP id j7so529194qaq.1 for ; Fri, 03 Oct 2014 00:15:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=GbOAbgJ3CksR3MnUb9k8UPafVz4Kd2p9efhEygWVWEQ=; b=00xFahH4DPvPr87vj4bZNxgID2KMKDjAm0VcbfVkxSP/EVZDhz/vM+mMytM25p3qhy rTRKhGI87lc1FoB/059MYufiD7rNOkEAiuKNPiOAJhW8X4HSota2/Ai7LzSO0/CvAr4x 0Zsl4i9r9hB/bmz95M7f6ZnTUJCFAjzCRnK1tBYOdtY7lcbvUMhH++YYLUEr9M5ZCqiX B1aKgGz8L145U9xApzetCMODavLUklEru3tSRr1Uu36XYBpqP+EcV2deDlkq+O0nl6IZ 6NCAdUYBW1fHaty/XXsHRFAdAXaq0m0tZQjp64ZStOmo7u/M8kUVHetXYNPJoxN6HN2S AYBw== X-Received: by 10.140.95.97 with SMTP id h88mr2858360qge.103.1412320556684; Fri, 03 Oct 2014 00:15:56 -0700 (PDT) Original-Received: by 10.140.221.69 with HTTP; Fri, 3 Oct 2014 00:15:56 -0700 (PDT) In-Reply-To: <87mw9dfz8l.fsf@netris.org> X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address (bad octet value). X-Received-From: 2607:f8b0:400d:c00::22a X-BeenThere: guile-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Developers list for Guile, the GNU extensibility library" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guile-devel-bounces+guile-devel=m.gmane.org@gnu.org Original-Sender: guile-devel-bounces+guile-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.lisp.guile.devel:17532 Archived-At: --001a11c168b217450e05047f813a Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On 3 October 2014 16:23, Mark H Weaver wrote: > Instead, he insists to distribute them in an opaque > format that can only be interpreted by a small handful of very complex > programs with a large attack surface. > =E2=80=8BOh, interesting point. Maybe we should define PDF as an abstract semantics that we can convert into a wide range of equivalent document layout languages? If the attacker can't tell exactly what xsl-fo or dsssl the tool will output, or what software you're using to render the result, it will magically make it more difficult to attack!=E2=80=8B --=20 William Leslie Notice: Likely much of this email is, by the nature of copyright, covered under copyright law. You absolutely MAY reproduce any part of it in accordance with the copyright law of the nation you are reading this in. Any attempt to DENY YOU THOSE RIGHTS would be illegal without prior contractual agreement. --001a11c168b217450e05047f813a Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
On 3 October 2014 16:23, Mark H= Weaver <mhw@netris.org> wrote:
<= blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px= #ccc solid;padding-left:1ex">Instead, he insists t= o distribute them in an opaque
format that can only be interpreted by a small handful of very complex
programs with a large attack surface.

=E2=80=8BOh,= interesting point.=C2=A0 Maybe we should define PDF as an abstract semanti= cs that we can convert into a wide range of equivalent document layout lang= uages?=C2=A0 If the attacker can't tell exactly what xsl-fo or dsssl th= e tool will output, or what software you're using to render the result,= it will magically make it more difficult to attack!=E2=80=8B

--
William Leslie

Notice:
Likely mu= ch of this email is, by the nature of copyright, covered under copyright la= w.=C2=A0 You absolutely MAY reproduce any part of it in accordance with the= copyright law of the nation you are reading this in.=C2=A0 Any attempt to = DENY YOU THOSE RIGHTS would be illegal without prior contractual agreement.
--001a11c168b217450e05047f813a--