Standards tree image/ktx mime registration for review
Mark Callow
callow_mark at hicorp.co.jp
Mon Sep 6 07:59:31 CEST 2010
Hi Ned,
In my reply to your original message I wrote the following on 8/31.
> On 27/08/2010 05:27, Ned Freed wrote:
>
>> ...
>>> The ktx type is a binary data stream which contains no executable code that
>>> could disrupt a client processor. There is no provision in the type
>>> specification that would allow authors to insert executable code that would
>>> present any security risk to a client machine.
>> IMO these security considerations are nowhere near sufficient for a standards
>> tree type. At an absolute minimum you need to add a discussion of possible
>> integrity/confidentiality concerns: Does data of this type require such
>> protection, and if it does, does the type provide it internally (and if so,
>> how) or must it be provided externally (and again, how)?
> It is not clear to me exactly what you are asking for. I looked at
> Security Considerations (Section 8.5) in the image/png registration
> (RFC 2083 <http://tools.ietf.org/html/rfc2083>) and could see nothing
> along the lines you seem to be suggesting. Since this is an image
> format, naturally any image could be sent including images which one
> may wish to keep confidential. There is no encryption in the format so
> users wishing to keep their images confidential should overlay their
> own encryption. Is this the kind of discussion you are requesting.
I no clearer to understanding your request. Please answer my question so
I can proceed with the registration.
Regards
-Mark
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.alvestrand.no/pipermail/ietf-types/attachments/20100906/e3e8dd8f/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: callow_mark.vcf
Type: text/x-vcard
Size: 398 bytes
Desc: not available
URL: <http://www.alvestrand.no/pipermail/ietf-types/attachments/20100906/e3e8dd8f/attachment.vcf>
More information about the Ietf-types
mailing list