proposed media type: application/exi

Martin Duerst duerst at it.aoyama.ac.jp
Thu Oct 16 03:28:51 CEST 2008


Hello Carine,

At the moment, just a questions:

Given that there are many types of the form application/foo+xml,
will we see proposals for application/foo+exi in the future?

Regards,    Martin.

At 06:30 08/10/16, Carine Bournez wrote:
>
>The W3C EXI Working Group has issued a Last Call draft specification
>of the EXI Format 1.0 [1]. It includes a proposal for a new media 
>type "application/exi" [2] (a text version follows).
>The review period for this specification ends on November 7th.
>
>[1] http://www.w3.org/TR/exi
>[2] http://www.w3.org/TR/exi/#internetMediaType
>
>===========================
>A new media type registration "application/exi" described below is being
>proposed for community review, with the intent to eventually submit it
>to the IESG for review, approval, and registration with IANA.
>
>Type name:
>    application 
>
>Subtype name:
>    exi 
>
>Required parameters:
>    none 
>
>Optional parameters:
>    none 
>
>Encoding considerations:
>    binary 
>
>Security considerations:
>    When used as an XML replacement in an application, EXI shares the
>same security concerns as XML, described in IETF RFC 3023 [IETF RFC
>3023], section 10.
>
>    In addition to concerns shared with XML, the schema identifier
>refers to information external to the EXI document itself. If an
>attacker is able to substitute another schema in place of the intended
>one, the semantics of the EXI document could be changed in some ways. As
>an example, EXI is sensitive to the order of the values in an
>enumeration. It is not known whether such an attack is possible on the
>actual structure of the document.
>
>    Also, EXI supports user-defined datatype representations, and such
>representations, if present in a document and purportedly understood by
>a processor, can be a security weakness. Definitions of these
>representations are expected to be external, often application- or
>industry-specific, so any definition needs to be analyzed carefully from
>the security perspective before being adopted. 
>Interoperability considerations:
>
>    The datatype representation map feature of EXI requires coordination
>between the producer and consumer of an EXI document, and is not
>recommended except in controlled environments or using standardized
>datatype representations potentially defined in the future.
>
>    EXI permits information necessary to decode a document to be omitted
>with the expectation that such information has been communicated out of
>band. Such omissions hinder interoperability in uncontrolled
>environments. 
>
>Published specification:
>    Efficient XML Interchange (EXI) Format 1.0, World Wide Web Consortium 
>
>Applications that use this media type:
>    No known applications currently use this media type. 
>
>Additional information:
>    Magic number(s):
>       The first four octets may be hexadecimal 24 45 58 49 ("$EXI"). The 
>       first octet after these, or the first octet of the whole content if 
>       they are not present, has its high two bits set to values 1 and 0 
>       in that order.
>    File extension(s):
>       .exi
>    Macintosh file type code(s):
>       APPL
>     
>Person & email address to contact for further information:
>    World Wide Web Consortium <web-human at w3.org> 
>
>Intended usage:
>    COMMON 
>
>Restrictions on usage:
>    none 
>
>Author/Change controller:
>    The EXI specification is the product of the World Wide Web Consortium's 
>Efficient XML Interchange Working Group. The W3C has change control over this 
>specification. 
>===========================
>
>Thank you.
>
>-- 
>Carine Bournez -+- W3C Europe


#-#-#  Martin J. Du"rst, Assoc. Professor, Aoyama Gakuin University
#-#-#  http://www.sw.it.aoyama.ac.jp       mailto:duerst at it.aoyama.ac.jp     



More information about the Ietf-types mailing list