proposed media type: application/exi
carine at w3.org
Wed Oct 15 23:30:20 CEST 2008
The W3C EXI Working Group has issued a Last Call draft specification
of the EXI Format 1.0. It includes a proposal for a new media
type "application/exi" (a text version follows).
The review period for this specification ends on November 7th.
A new media type registration "application/exi" described below is being
proposed for community review, with the intent to eventually submit it
to the IESG for review, approval, and registration with IANA.
When used as an XML replacement in an application, EXI shares the
same security concerns as XML, described in IETF RFC 3023 [IETF RFC
3023], section 10.
In addition to concerns shared with XML, the schema identifier
refers to information external to the EXI document itself. If an
attacker is able to substitute another schema in place of the intended
one, the semantics of the EXI document could be changed in some ways. As
an example, EXI is sensitive to the order of the values in an
enumeration. It is not known whether such an attack is possible on the
actual structure of the document.
Also, EXI supports user-defined datatype representations, and such
representations, if present in a document and purportedly understood by
a processor, can be a security weakness. Definitions of these
representations are expected to be external, often application- or
industry-specific, so any definition needs to be analyzed carefully from
the security perspective before being adopted.
The datatype representation map feature of EXI requires coordination
between the producer and consumer of an EXI document, and is not
recommended except in controlled environments or using standardized
datatype representations potentially defined in the future.
EXI permits information necessary to decode a document to be omitted
with the expectation that such information has been communicated out of
band. Such omissions hinder interoperability in uncontrolled
Efficient XML Interchange (EXI) Format 1.0, World Wide Web Consortium
Applications that use this media type:
No known applications currently use this media type.
The first four octets may be hexadecimal 24 45 58 49 ("$EXI"). The
first octet after these, or the first octet of the whole content if
they are not present, has its high two bits set to values 1 and 0
in that order.
Macintosh file type code(s):
Person & email address to contact for further information:
World Wide Web Consortium <web-human at w3.org>
Restrictions on usage:
The EXI specification is the product of the World Wide Web Consortium's
Efficient XML Interchange Working Group. The W3C has change control over this
Carine Bournez -+- W3C Europe
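
The magic-number rule given in the registration text above, written out as a content check. This is an added example, not part of the original message or of the EXI specification; the function names, the confidence labels, the `require_cookie` policy switch and the sample byte strings are assumptions made for illustration.

```python
EXI_COOKIE = b"$EXI"  # hexadecimal 24 45 58 49; optional per the registration


def sniff_exi(data: bytes) -> dict:
    """Apply the registration's magic-number rule to a byte string.

    cookie     -- the optional "$EXI" cookie is present
    exi_bits   -- the first octet after the cookie (or the first octet of
                  the content) has its two high bits set to 1 and 0
    confidence -- "strong", "weak" or "none" (labels are this example's own)
    """
    cookie = data.startswith(EXI_COOKIE)
    offset = len(EXI_COOKIE) if cookie else 0
    if len(data) <= offset:
        # Empty input, or a cookie with no octet after it: nothing to test.
        return {"cookie": cookie, "exi_bits": False, "confidence": "none"}
    # Keep only the two high bits; the rule requires the pattern 10xxxxxx.
    exi_bits = (data[offset] & 0xC0) == 0x80
    if not exi_bits:
        confidence = "none"
    elif cookie:
        confidence = "strong"
    else:
        # Every octet from 0x80 to 0xBF passes, so without the cookie
        # one byte value in four looks like EXI.
        confidence = "weak"
    return {"cookie": cookie, "exi_bits": exi_bits, "confidence": confidence}


def accept_as_exi(data: bytes, declared_type: str, require_cookie: bool = True) -> bool:
    """Hypothetical receiver policy: trust the declared media type first,
    and use the magic number only to reject mislabelled content."""
    if declared_type.strip().lower() != "application/exi":
        return False  # never promote other content to EXI by sniffing
    result = sniff_exi(data)
    if require_cookie:
        return result["confidence"] == "strong"
    return result["confidence"] != "none"


# Constructed sample inputs (not taken from real EXI documents).
SAMPLES = {
    "cookie_and_bits": b"$EXI\x80\x40",
    "bits_only": b"\x80\x40",
    "xml_text": b"<?xml version='1.0'?><a/>",
    "utf8_bom_xml": b"\xef\xbb\xbf<a/>",
    "cookie_only": b"$EXI",
}
```

Because the cookie is optional, the two-bit test alone is a weak signal; a receiver that wants a reliable check can require the cookie from its producers.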