IETF Logo Mail Archive

Re: [ietf-types] Request for registration of application/gzip and application/zlib

Ned Freed <ned.freed@mrochek.com> Wed, 22 February 2012 07:30 UTC

Return-Path: <ned.freed@mrochek.com>
X-Original-To: ietf-types@ietfa.amsl.com
Delivered-To: ietf-types@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 07E2021E8067 for <ietf-types@ietfa.amsl.com>; Tue, 21 Feb 2012 23:30:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.583
X-Spam-Level:
X-Spam-Status: No, score=-2.583 tagged_above=-999 required=5 tests=[AWL=0.016, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QP8aOl2ADC0Q for <ietf-types@ietfa.amsl.com>; Tue, 21 Feb 2012 23:30:30 -0800 (PST)
Received: from mauve.mrochek.com (mauve.mrochek.com [66.59.230.40]) by ietfa.amsl.com (Postfix) with ESMTP id D10EF21E8043 for <ietf-types@ietf.org>; Tue, 21 Feb 2012 23:30:30 -0800 (PST)
Received: from dkim-sign.mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01OC9QB67T8W00UAZT@mauve.mrochek.com> for ietf-types@ietf.org; Tue, 21 Feb 2012 23:30:29 -0800 (PST)
Received: from mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01OC8QYYHB0W00ZUIL@mauve.mrochek.com>; Tue, 21 Feb 2012 23:30:26 -0800 (PST)
Message-id: <01OC9QB5028200ZUIL@mauve.mrochek.com>
Date: Tue, 21 Feb 2012 23:23:07 -0800
From: Ned Freed <ned.freed@mrochek.com>
In-reply-to: "Your message dated Tue, 21 Feb 2012 21:29:47 +0100" <7bv7k75ur1utsvkk8jvdlp47tt8nuab9e6@hive.bjoern.hoehrmann.de>
MIME-version: 1.0
Content-type: TEXT/PLAIN; charset="iso-8859-1"
References: <alpine.BSF.2.00.1202211047280.29127@joyce.lan> <7bv7k75ur1utsvkk8jvdlp47tt8nuab9e6@hive.bjoern.hoehrmann.de>
To: Bjoern Hoehrmann <derhoermi@gmx.net>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mrochek.com; s=mauve; t=1329895832; bh=KtgneRtFoL7nn0zKfSq3Auc66l7FY2jcKcTdGfAyVFk=; h=Cc:Message-id:Date:From:Subject:In-reply-to:MIME-version: Content-type:References:To; b=rQ+f3EedFeeseT7ywy+TKZ2YPiRA5nMJd/Rgjc2+TtAyeDsO239O2N9f9j66hIzzr DGtz8nnM+cxFMAzvsPw1WKh8pRiIkGWwrRE8L/CLqPvikcuG5mfu4ZwmOImK6W32uw A81OVK3HjlEs/FL2sYQJJgAEyIaY0Q5Z71Id4tJo=
Cc: John R Levine <johnl@taugh.com>, ietf-types@ietf.org
Subject: Re: [ietf-types] Request for registration of application/gzip and application/zlib
X-BeenThere: ietf-types@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Media \(MIME\) type review" <ietf-types.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-types>, <mailto:ietf-types-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf-types>
List-Post: <mailto:ietf-types@ietf.org>
List-Help: <mailto:ietf-types-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-types>, <mailto:ietf-types-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Feb 2012 07:30:32 -0000

> * John R Levine wrote:
> >The draft is here:
> >
> >https://datatracker.ietf.org/doc/draft-levine-application-gzip/

> Thank you. The draft should mention that legacy applications have used
> application/x-gzip in the past, but that's discouraged, people should
> use the types you define instead.

> (Most of these comments apply to both types).

> >The zlib and gzip formats are defined in RFCs 1950 and 1952. This
> >defines MIME types for them.
> >
> >2.  The Application/Zlib Media Type

> I would prefer all lower-case for the type name.

> >    Type name: application
> >
> >    Subtype name: zlib
> >
> >    Required parameters: none
> >
> >    Optional parameters: none
> >
> >    Encoding considerations: needs base64 or other encoding that allows
> >    arbitrary binary data

> The value should be "8bit" (for both types).

???? These are binary formats, plain and simple. There's no encoding included
in them that would result in line-oriented output. 

I don't mind changing the wording to simply say "binary" if that is clearer,
but "8bit" is flat-out incorrect.

> >    Security considerations: See section [security] below
> >
> >    Interoperability considerations: none

> This should probably reference RFC1950.

Seems a little redundant, but whatever.

> >    Published specification: [RFC1950]
> >
> >    Applications that use this media type: anywhere data size is an issue

> Same here.

> >    Additional information:
> >
> >       Magic number(s): first byte is usually 0x78 but can also be 0x08,
> >       0x18, 0x28, 0x38, 0x48, 0x58, or 0x68.

> This is confusing.

Then suggest text. Not sure how else you can say this.

> >       File extension(s): none
> >       Macintosh file type code(s): none
> >
> >    Person and email address to contact for further information: see
> >    http://www.zlib.net/

> The form in RFC 4288 wants you to use "&" in place of "and".

No, really, it doesn't. Nothing says the form has to be followed to this
degree.

> >4.  Security Considerations
> >
> >    Zlib and gzip compression can be used to compress arbitrary binary
> >    data such as hostile executable code.  Also, data that purports to be
> >    in zlib or gzip format may not be, and fields that are supposed to be
> >    flags, lengths, or pointers, could contain anything.  Applications
> >    should treat any data with due scepticism.

> I would prefer simply referencing the two format RFCs, the types as such
> do not introduce additional security considerations.

This may need to be reworded to make it clearer, but AFAIK the point that these
formats decode automatically in some contexts and are therefore sometimes used
to get hostile code past overly simplistic scans is not mentioned in those
documents and *is* a known security concern. As such, it needs to be mentioned.

				Ned

v2.23.0 | Report a Bug | By Email