proposed media type: application/exi
duerst at it.aoyama.ac.jp
Thu Oct 16 03:28:51 CEST 2008
At the moment, just a questions:
Given that there are many types of the form application/foo+xml,
will we see proposals for application/foo+exi in the future?
At 06:30 08/10/16, Carine Bournez wrote:
>The W3C EXI Working Group has issued a Last Call draft specification
>of the EXI Format 1.0 . It includes a proposal for a new media
>type "application/exi"  (a text version follows).
>The review period for this specification ends on November 7th.
>A new media type registration "application/exi" described below is being
>proposed for community review, with the intent to eventually submit it
>to the IESG for review, approval, and registration with IANA.
> When used as an XML replacement in an application, EXI shares the
>same security concerns as XML, described in IETF RFC 3023 [IETF RFC
>3023], section 10.
> In addition to concerns shared with XML, the schema identifier
>refers to information external to the EXI document itself. If an
>attacker is able to substitute another schema in place of the intended
>one, the semantics of the EXI document could be changed in some ways. As
>an example, EXI is sensitive to the order of the values in an
>enumeration. It is not known whether such an attack is possible on the
>actual structure of the document.
> Also, EXI supports user-defined datatype representations, and such
>representations, if present in a document and purportedly understood by
>a processor, can be a security weakness. Definitions of these
>representations are expected to be external, often application- or
>industry-specific, so any definition needs to be analyzed carefully from
>the security perspective before being adopted.
> The datatype representation map feature of EXI requires coordination
>between the producer and consumer of an EXI document, and is not
>recommended except in controlled environments or using standardized
>datatype representations potentially defined in the future.
> EXI permits information necessary to decode a document to be omitted
>with the expectation that such information has been communicated out of
>band. Such omissions hinder interoperability in uncontrolled
> Efficient XML Interchange (EXI) Format 1.0, World Wide Web Consortium
>Applications that use this media type:
> No known applications currently use this media type.
> Magic number(s):
> The first four octets may be hexadecimal 24 45 58 49 ("$EXI"). The
> first octet after these, or the first octet of the whole content if
> they are not present, has its high two bits set to values 1 and 0
> in that order.
> File extension(s):
> Macintosh file type code(s):
>Person & email address to contact for further information:
> World Wide Web Consortium <web-human at w3.org>
>Restrictions on usage:
> The EXI specification is the product of the World Wide Web Consortium's
>Efficient XML Interchange Working Group. The W3C has change control over this
>Carine Bournez -+- W3C Europe
#-#-# Martin J. Du"rst, Assoc. Professor, Aoyama Gakuin University
#-#-# http://www.sw.it.aoyama.ac.jp mailto:duerst at it.aoyama.ac.jp
More information about the Ietf-types