Re: [apps-discuss] font/* (and draft-freed-media-type-regs)

Nathaniel Borenstein <nsb@guppylake.com> Tue, 15 November 2011 15:52 UTC

On Nov 14, 2011, at 8:15 PM, Martin J. Dürst wrote:

> I very much think that having a font/ top level type is actually a good idea. But I hinted at this before: a type shouldn't be treated as "more safe" just because it says font/, rather than application/. Many font formats contain active code that is executed by the font engine.

Not more safe, but possibly more cost-effective to screen. If something is labeled as a font, you might be able to reject all non-font content much faster than you can reject application/octet-stream. (Obviously you'd still have to look through any active code in the stuff that is accepted.)

-- Nathaniel
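
An added example, not part of the original message or of any draft discussed in the thread: a label-driven screen in Python that rejects content labelled font/* whose leading bytes are not a known font container, and marks accepted sfnt fonts that carry engine-executed tables for the deeper look both posts call for. The function name, verdict strings, the "font/ttf" label and the sample byte strings are assumptions constructed for illustration.

```python
import struct

# Leading 4-byte signatures of common font containers.
SFNT_MAGICS = {b"\x00\x01\x00\x00": "TrueType", b"OTTO": "OpenType/CFF",
               b"true": "Apple TrueType"}
WRAPPED_MAGICS = {b"ttcf": "font collection", b"wOFF": "WOFF", b"wOF2": "WOFF2"}
# sfnt tables holding programs the font engine runs (hinting bytecode, charstrings).
CODE_TABLES = {b"fpgm", b"prep", b"glyf", b"CFF "}

def screen(media_type, data):
    """Return (verdict, detail); verdict is 'skip', 'reject', 'inspect' or 'pass'."""
    if not media_type.lower().startswith("font/"):
        return ("skip", "not labelled as a font; this filter does not apply")
    magic = data[:4]
    if magic in WRAPPED_MAGICS:
        return ("inspect", WRAPPED_MAGICS[magic] + ": unpack before deeper checks")
    if magic not in SFNT_MAGICS:
        return ("reject", "label says font, leading bytes do not")  # the cheap path
    if len(data) < 12:
        return ("reject", "truncated sfnt header")
    (num_tables,) = struct.unpack(">H", data[4:6])
    if num_tables == 0 or len(data) < 12 + 16 * num_tables:
        return ("reject", "table directory does not fit in the data")
    # Each 16-byte directory record starts with a 4-byte table tag.
    tags = {data[12 + 16 * i:16 + 16 * i] for i in range(num_tables)}
    code = sorted(t.decode("latin-1") for t in tags & CODE_TABLES)
    if code:
        return ("inspect", "carries engine-executed tables: " + ", ".join(code))
    return ("pass", "font container with no program tables")

def _sfnt(tags):
    """Constructed sample: sfnt header plus table directory only, no table data."""
    head = b"\x00\x01\x00\x00" + struct.pack(">HHHH", len(tags), 0, 0, 0)
    return head + b"".join(t + b"\x00" * 12 for t in tags)

# Constructed sample inputs, not real fonts or real traffic.
SAMPLES = {
    "hinted": _sfnt([b"cmap", b"glyf", b"prep"]),
    "bitmap-only": _sfnt([b"cmap", b"EBDT"]),
    "mislabelled": b"MZ\x90\x00" + b"\x00" * 60,
    "short": b"OTTO\x00\x02",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, screen("font/ttf", blob))
```

The reject path reads four bytes, which is the cost advantage over an unlabelled application/octet-stream body; "pass" only means the label matched, and the font engine's own parsing remains part of the attack surface.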