Standards tree image/ktx mime registration for review

[Mark Callow]

Hi Ned,

In my reply to your original message I wrote the following on 8/31.

> On 27/08/2010 05:27, Ned Freed wrote:
>
>> ...
>>> The ktx type is a binary data stream which contains no executable code that
>>> could disrupt a client processor. There is no provision in the type
>>> specification that would allow authors to insert executable code that would
>>> present any security risk to a client machine. 
>> IMO these security considerations are nowhere near sufficient for a standards
>> tree type. At an absolute minimum you need to add a discussion of possible
>> integrity/confidentiality concerns: Does data of this type require such
>> protection, and if it does, does the type provide it internally (and if so,
>> how) or must it be provided externally (and again, how)?
> It is not clear to me exactly what you are asking for. I looked at
> Security Considerations (Section 8.5) in the image/png registration
> (RFC 2083 <http://tools.ietf.org/html/rfc2083>) and could see nothing
> along the lines you seem to be suggesting. Since this is an image
> format, naturally any image could be sent including images which one
> may wish to keep confidential. There is no encryption in the format so
> users wishing to keep their images confidential should overlay their
> own encryption. Is this the kind of discussion you are requesting.

I no clearer to understanding your request. Please answer my question so
I can proceed with the registration.

Regards

    -Mark

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.alvestrand.no/pipermail/ietf-types/attachments/20100906/e3e8dd8f/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: callow_mark.vcf
Type: text/x-vcard
Size: 398 bytes
Desc: not available
URL: <http://www.alvestrand.no/pipermail/ietf-types/attachments/20100906/e3e8dd8f/attachment.vcf>