[httpapi] Re: [IANA #1367781] application/deflate registration request

Martin Thomson <mt@lowentropy.net> Sat, 14 September 2024 20:44 UTC

Return-Path: <mt@lowentropy.net>
X-Original-To: httpapi@ietfa.amsl.com
Delivered-To: httpapi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3523BC14F6F4; Sat, 14 Sep 2024 13:44:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.108
X-Spam-Level:
X-Spam-Status: No, score=-7.108 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b="JiwULq4x"; dkim=pass (2048-bit key) header.d=messagingengine.com header.b="cEvj4Pvk"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3dFIWg1CYdjb; Sat, 14 Sep 2024 13:44:06 -0700 (PDT)
Received: from fhigh1-smtp.messagingengine.com (fhigh1-smtp.messagingengine.com [103.168.172.152]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7085BC14F726; Sat, 14 Sep 2024 13:44:06 -0700 (PDT)
Received: from phl-compute-05.internal (phl-compute-05.phl.internal [10.202.2.45]) by mailfhigh.phl.internal (Postfix) with ESMTP id 5CC801140162; Sat, 14 Sep 2024 16:44:05 -0400 (EDT)
Received: from phl-imap-01 ([10.202.2.91]) by phl-compute-05.internal (MEProxy); Sat, 14 Sep 2024 16:44:05 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=cc:cc:content-transfer-encoding:content-type:content-type :date:date:from:from:in-reply-to:in-reply-to:message-id :mime-version:references:reply-to:subject:subject:to:to; s=fm2; t=1726346645; x=1726433045; bh=hnikOonVjkVe2h8C0ZVS9Sr/fEwnftQB OIkqyeAejMI=; b=JiwULq4xMPjD8dd4ujkn3C4MZ9+45i9jLOyBIVi0Z5JSw83E 8d1Wa9dHc+hIHsfjd6Wwm9TFP122qqDwy6Hf6kXCGZlCiC1An9nC76tv3co9w+2u VnSLuwCjDA6CSUFaT9hheKdFyrINzqf78QEStiM6/j3dybr6GwHHplxV0nWgFlXT 5ZOrcX3oAHrIyket2AJOrbHMbbxhXsGLjngc2bvK7j1UqwtK+hmuDTUdRiizDcAA XNWddoTR/ALfr3gF/aGvSIfAaoDeFwD0L2tnJfEoA9fNgg+iknIQGwWVTaC9H2lA p7JOCU6YJIs5ZlTKA1UrDBXXEoRSEH+ms1ConA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=1726346645; x= 1726433045; bh=hnikOonVjkVe2h8C0ZVS9Sr/fEwnftQBOIkqyeAejMI=; b=c Evj4PvkGXT1lvm48WAN9/Lm2/Qn2d7fjJuQDCrV+ol0XzuwcR7SU2vaS3XEjSqxc Ub5Fbe1s3vEC1L9kqupNxmBXc3anGkE0ea5mRuYeQ0pVao+s/8dgGS5jNoWmZ+k7 utmaQIBc/tAS+Q4d+c4/irOKy11fF8Kz9A0tfJ6QvBMWKa8dDU+SjAAoZLi074Ub bImmZzG+mNzfbdfod5iPoOe5jrftrmjZwNX75CBLwprzbquQreM3WjK3jWLmPm4U SSv45uHZn5KkxI8z/Yyq0b550jUlGtdsJVD10XQq17Q5mrxCKfXLRV4vmaMoLpMu B7lSn3stdCGfCdQ+Qmw/g==
X-ME-Sender: <xms:lPXlZmpJqQWPB_35Pqlctb872b2YiiJwahQwJmkbsxclqE6NKCTgkw> <xme:lPXlZkqat2IxaXzs8pSwliwuYpv82G5xy7ovw5HzeGfcAjfBM2J7r11-FnBKyofhI hxaIaV5UBDm86tkjTc>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeftddrudektddgudehfecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpggftfghnshhusghstghrihgsvgdp uffrtefokffrpgfnqfghnecuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivg hnthhsucdlqddutddtmdenucfjughrpefoggffhffvvefkjghfufgtgfesthejredtredt tdenucfhrhhomhepfdforghrthhinhcuvfhhohhmshhonhdfuceomhhtsehlohifvghnth hrohhphidrnhgvtheqnecuggftrfgrthhtvghrnhepfeeikeduheelgfejfedtledtfeff ueehvdetfefhudduffegkeeuleehkeegtdfhnecuffhomhgrihhnpehrfhgtqdgvughith horhdrohhrghenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhr ohhmpehmtheslhhofigvnhhtrhhophihrdhnvghtpdhnsggprhgtphhtthhopeehpdhmoh guvgepshhmthhpohhuthdprhgtphhtthhopehirghnrgdqmhhimhgvqdgtohhmmhgvnhht sehirghnrgdrohhrghdprhgtphhtthhopehhthhtphgrphhisehivghtfhdrohhrghdprh gtphhtthhopehmvgguihgrqdhthihpvghssehivghtfhdrohhrghdprhgtphhtthhopegu rghrrhgvlhesthgrvhhishdrtggrpdhrtghpthhtohepihgvthhfqdhhthhtphdqfihgse iffedrohhrgh
X-ME-Proxy: <xmx:lfXlZrOFY1zAtTN5KmOjRgm9PeZtt9tdQlTeYniBJAH1WTI0PxAyAg> <xmx:lfXlZl4rZoAXecyGE9-Et98uL4FsWY3hc8k0DfUGLQXQOE08mhHHjg> <xmx:lfXlZl6vYjH0nQEXAXJ712eTwZsuW5eYtIGt46YTc9Zi3phCfabt0A> <xmx:lfXlZli7IWAeWNEqU4rOJb2M-0RWL6P4pZCJROaXLmUo2NJW1Rn6Ig> <xmx:lfXlZo122Mq9oWg1bli7BjYj3G-L8E3EyVV5XLmAdGTbuD9mo6e-Efm1>
Feedback-ID: ic129442d:Fastmail
Received: by mailuser.phl.internal (Postfix, from userid 501) id E4C4B3360077; Sat, 14 Sep 2024 16:44:04 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
MIME-Version: 1.0
Date: Sun, 15 Sep 2024 06:43:43 +1000
From: Martin Thomson <mt@lowentropy.net>
To: Darrel Miller <darrel@tavis.ca>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>, "httpapi@ietf.org" <httpapi@ietf.org>
Message-Id: <ae18dd74-b89c-4fba-a57d-af05b0869b8f@app.fastmail.com>
In-Reply-To: <SJ2PR01MB81022FCF6BB001C659C97FE2A3662@SJ2PR01MB8102.prod.exchangelabs.com>
References: <RT-Ticket-1367781@icann.org> <405j07gm4v-1@ppa4.dc.icann.org> <rt-5.0.3-2508614-1726187292-1952.1367781-9-0@icann.org> <SJ2PR01MB81022FCF6BB001C659C97FE2A3662@SJ2PR01MB8102.prod.exchangelabs.com>
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Message-ID-Hash: CJNSTZJX3OQFWKHJY7CATWES6FTWKNZZ
X-Message-ID-Hash: CJNSTZJX3OQFWKHJY7CATWES6FTWKNZZ
X-MailFrom: mt@lowentropy.net
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: IETF Media Types <media-types@ietf.org>, "iana-mime-comment@iana.org" <iana-mime-comment@iana.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [httpapi] Re: [IANA #1367781] application/deflate registration request
List-Id: Building Blocks for HTTP APIs <httpapi.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/httpapi/e_MZ_CFAeB76rqWFJzj7ncN5P9Y>
List-Archive: <https://mailarchive.ietf.org/arch/browse/httpapi>
List-Help: <mailto:httpapi-request@ietf.org?subject=help>
List-Owner: <mailto:httpapi-owner@ietf.org>
List-Post: <mailto:httpapi@ietf.org>
List-Subscribe: <mailto:httpapi-join@ietf.org>
List-Unsubscribe: <mailto:httpapi-leave@ietf.org>

The first question for me is: what does the deflate stream contain?

Part of the point of content types is to signify something about the format of the thing.  That something can be decompressed is information, sure, much more so that something like application/octet-stream, but it isn't *useful* information.  I guess, the fact that we have generic types carries the answer.

That this doesn't use a container doesn't bother me a great deal.  If there is a media type that is clearly defined, that definition can say to omit a wrapper.  In some ways, it would have been better for the content coding to omit the wrapper as well on the basis of it being redundant.  (Of course, not following an agreed standard is worse, but it would seem that the actual standard is *either* to include wrapper or not at the discretion of the sender.)

On Sun, Sep 15, 2024, at 00:21, Darrel Miller wrote:
> I am looking for feedback from the HTTP community on a proposed media 
> type registration for application/deflate.
>
> The primary concern is the request defines the content to be a deflate 
> stream that is not in a container.  This differs from the Content 
> Coding "deflate" that is a deflate stream inside a zlib container 
> https://www.rfc-editor.org/rfc/rfc9110.html#section-8.4.1.2
>
> I believe that having a media type "application/deflate" and a 
> "Content-Encoding: deflate" that have two different content 
> representations is going to be confusing.
>
> The requestor is of the opinion that the note in RFC9110 is sufficient 
> to clarify the ambiguity.
>
> I have proposed the use of a slightly different term for the media type 
> to clarify that the content is different than the deflate content 
> coding. However, the requestor does not believe this to be appropriate.
>
> I think this audience has the appropriate experience to weight the pros 
> and cons of this situation.
>
> Thanks in advance for your input,
>
> Darrel
>
>
> ----------------------------- Proposed Registration Request   
> --------------------------------------------
> Name: David Clunie
>
> Email: dclunie@dclunie.com
>
> Media type name: application
>
> Media subtype name: deflate
>
> Required parameters: N/A.
>
> Optional parameters: N/A.
>
> Encoding considerations: binary
>
> Security considerations: deflate compression can be used to compress 
> arbitrary binary data such as hostile executable code. Also, data that 
> purports to be in deflate format may not be, and fields that are 
> supposed to be flags, lengths, or pointers could contain anything. 
> Applications should treat any data with due skepticism.
>
> Also see the security considerations in the underlying format 
> documents: Section 6 of [RFC1951].
>
> Also see the security considerations in the related zlib and gzip 
> format documents: Section 5 of [RFC1950], and Section 4 of [RFC1952].
>
> Also see the security considerations in the related 'application/zlib' 
> and 'application/gzip' Media Types documents: Section 4 of [RFC6713].
>
> The media type does not provide any privacy or integrity services, so, 
> if needed these may be provided externally, e.g., through the use of 
> TLS or Cryptographic Message Syntax (CMS).
>
> This media type employs compression, so users are warned that 
> decompression may lead to significant increase in the size of the data. 
> Theoretically, a maliciously crafted object could expand to many times 
> its original size.
>
>
> Interoperability considerations: The primary utility of a content type 
> for this encoding is as a means of conveying compressed data that is 
> guaranteed to have been compressed with a specific compression scheme 
> (deflate), and not as a container that may or may not have used deflate 
> as the compression scheme (e.g., zlib). This allows the recipient to be 
> assured (e.g., when negotiating an acceptable media type) that they 
> have the necessary decoder for the compression scheme, as distinct from 
> accepting a media type that they may later discover is compressed with 
> a scheme that is unsupported.
>
>
> Published specification: [RFC1951]
>
> Applications which use this media: Anywhere data size is an issue.
>
> Though this submission is made by an organization specifically for the 
> purpose of compressing image data of a form that is not well supported 
> by image-specific encoding schemes or widely available implementations, 
> it is generally applicable.
>
>
> Fragment identifier considerations: deflate encodes data as a 
> compressed bit stream that is not fragmented and is decoded starting at 
> the beginning of the bit stream. As such, no media type specific 
> fragment identifier or fragment semantics are defined. In particularly 
> no mechanism to selectively locate positions or sub-regions within the 
> compressed data is defined.
>
>
> Restrictions on usage: None.
>
> Provisional registration? (standards tree only): No
>
> Additional information:
>
> 1. Deprecated alias names for this type: N/A.
> 2. Magic number(s): N/A.
> 3. File extension(s): dfl
> 4. Macintosh file type code: N/A.
> 5. Object Identifiers: N/A.
>
> Person to contact for further information:
>
> 1. Name: David Clunie
> 2. Email: dclunie@dclunie.com
>
> Intended usage: COMMON
>
> Author/Change controller: DICOM Standards Committee