Re: [apps-discuss] font/* (and draft-freed-media-type-regs)

"Martin J. Dürst" <duerst@it.aoyama.ac.jp> Tue, 15 November 2011 01:15 UTC

Return-Path: <duerst@it.aoyama.ac.jp>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F1C3611E818C for <apps-discuss@ietfa.amsl.com>; Mon, 14 Nov 2011 17:15:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -99.612
X-Spam-Level:
X-Spam-Status: No, score=-99.612 tagged_above=-999 required=5 tests=[AWL=0.178, BAYES_00=-2.599, HELO_EQ_JP=1.244, HOST_EQ_JP=1.265, MIME_8BIT_HEADER=0.3, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UZVMVJaEa0as for <apps-discuss@ietfa.amsl.com>; Mon, 14 Nov 2011 17:15:14 -0800 (PST)
Received: from scintmta02.scbb.aoyama.ac.jp (scintmta02.scbb.aoyama.ac.jp [133.2.253.34]) by ietfa.amsl.com (Postfix) with ESMTP id 3C71611E8134 for <apps-discuss@ietf.org>; Mon, 14 Nov 2011 17:15:14 -0800 (PST)
Received: from scmse02.scbb.aoyama.ac.jp ([133.2.253.231]) by scintmta02.scbb.aoyama.ac.jp (secret/secret) with SMTP id pAF1F80W015468 for <apps-discuss@ietf.org>; Tue, 15 Nov 2011 10:15:08 +0900
Received: from (unknown [133.2.206.133]) by scmse02.scbb.aoyama.ac.jp with smtp id 2029_0fb0_41eec60e_0f27_11e1_a079_001d096c5782; Tue, 15 Nov 2011 10:15:08 +0900
Received: from [IPv6:::1] ([133.2.210.1]:35220) by itmail.it.aoyama.ac.jp with [XMail 1.22 ESMTP Server] id <S156D64E> for <apps-discuss@ietf.org> from <duerst@it.aoyama.ac.jp>; Tue, 15 Nov 2011 10:15:11 +0900
Message-ID: <4EC1BD19.6050407@it.aoyama.ac.jp>
Date: Tue, 15 Nov 2011 10:15:05 +0900
From: =?UTF-8?B?Ik1hcnRpbiBKLiBEw7xyc3Qi?= <duerst@it.aoyama.ac.jp>
Organization: Aoyama Gakuin University
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.9) Gecko/20100722 Eudora/3.0.4
MIME-Version: 1.0
To: David Singer <singer@apple.com>
References: <C68CB012D9182D408CED7B884F441D4D0611DABF0F@nambxv01a.corp.adobe.com> <3C5268E5-FE9E-4148-8955-0450304BB407@apple.com>
In-Reply-To: <3C5268E5-FE9E-4148-8955-0450304BB407@apple.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Cc: "gadams@xfsi.com" <gadams@xfsi.com>, "apps-discuss@ietf.org" <apps-discuss@ietf.org>
Subject: Re: [apps-discuss] font/* (and draft-freed-media-type-regs)
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Nov 2011 01:15:15 -0000

On 2011/11/15 3:35, David Singer wrote:
>
> On Nov 12, 2011, at 12:25 , Larry Masinter wrote:
>
>> I see no use case for why having font/opentype is any better than application/opentype
>>
>> The only use case I can imagine from looking at
>> http://tools.ietf.org/html/draft-singer-font-mime-00
>> is the possibility of defining common parameters across font data types (in the same way that text/.. has a common charset parameter).
>
> How serious is the first concern "First, the  "application" sub-tree is treated (correctly) with great caution with respect to viruses and other active code."?

I very much think that having a  font/ top level type is actually a good 
idea. But I hinted at this before: a type shouldn't be treated as "more 
safe" just because it says font/, rather than application/. Many font 
formats contain active code that is executed by the font engine. Several 
security holes have been found in this area. So I'd actually 
de-emphasize or remove this point. draft-singer-font-mime-00 also 
doesn't have a security section, and it of course needs one.


> (The reason I abandoned the draft was not the difficulty of getting it through, by the way, but because the W3C Timed Text group decided it didn't need it).

Can you be more specific? E.g., does Timed Text only use one font 
format? Or does it not contain any field that indicates the format, 
which makes this "somebody else's problem"? Or some other reason?

Regards,    Martin.