reply to comments on draft-hardy-pdf-mime
Larry Masinter <masinter@adobe.com> Sun, 04 September 2016 23:25 UTC
Return-Path: <masinter@adobe.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DA40D12B0B8 for <ietf@ietfa.amsl.com>; Sun, 4 Sep 2016 16:25:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.003
X-Spam-Level:
X-Spam-Status: No, score=-2.003 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=adobe.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8GyUXmJOvnoa for <ietf@ietfa.amsl.com>; Sun, 4 Sep 2016 16:25:52 -0700 (PDT)
Received: from NAM02-BL2-obe.outbound.protection.outlook.com (mail-bl2nam02on0070.outbound.protection.outlook.com [104.47.38.70]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F0A6C12B097 for <ietf@ietf.org>; Sun, 4 Sep 2016 16:25:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=adobe.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=ObRcpmgwfPwFlLjSd8bpGS/KCvGIRALQzo3vDj+H+fg=; b=UEA7aDe2IOTSuuRMFsQt6F/Jo8HZ03im0sESGcldtW4nuMHkm1Q9YkoU96gyMUeeUcnl8Q1XnbGJ+5M0Hhz0U2/FosRKMuN6i+viV4rerozONgpc1znvb75JmydL7NsL1rUSo/TlWpHpPnF+XC/+x9fesfQZRW8YC07tVanxwrQ=
Received: from CY4PR02MB2566.namprd02.prod.outlook.com (10.173.41.13) by CY4PR02MB2567.namprd02.prod.outlook.com (10.173.41.14) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384) id 15.1.599.9; Sun, 4 Sep 2016 23:25:49 +0000
Received: from CY4PR02MB2566.namprd02.prod.outlook.com ([10.173.41.13]) by CY4PR02MB2566.namprd02.prod.outlook.com ([10.173.41.13]) with mapi id 15.01.0599.016; Sun, 4 Sep 2016 23:25:49 +0000
From: Larry Masinter <masinter@adobe.com>
To: "Ietf@Ietf. Org" <ietf@ietf.org>
Subject: reply to comments on draft-hardy-pdf-mime
Thread-Topic: reply to comments on draft-hardy-pdf-mime
Thread-Index: AQHSBwOrxaYt4L14T06Z1K0Hrts06A==
Date: Sun, 04 Sep 2016 23:25:49 +0000
Message-ID: <CF33E82B-463C-4652-869A-E2AD517900F6@adobe.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/f.19.0.160817
authentication-results: spf=none (sender IP is ) smtp.mailfrom=masinter@adobe.com;
x-ms-exchange-messagesentrepresentingtype: 1
x-originating-ip: [50.184.24.49]
x-ms-office365-filtering-correlation-id: 45cdb623-0281-4fc5-dfa0-08d3d51ace57
x-microsoft-exchange-diagnostics: 1; CY4PR02MB2567; 6:FCUQQLzp8J2uTQ+QTxOdE/6j1uNHChh+GRJ7RdxdRXB9/xgSb/JQruIMaU/i+FvBX6ftaoWkqR1sBUOuqbIbDiV+8Wj01wvjgwfwMhCtJlNWQDxm5FvRaA2Pvlkp2AorEqul1woxvs7d/f/aXLnpKOVP/V3TKjr82fA0OFWYBalFwZRsa5ewF3jmGSYmc6EKWKTK3qSux7lV4Rp9eBvX5f/zqF8VdjBJ9qTvToGmz488Lhc0zghcQtDvFs6FOKUCtIVm/tPKkm0b/6efUYpomlQhLjQW7kPfrhepTtJwfghBUIqXgTUF1tVYsS6IEDr0Zeh2Sall1iwEp9benzqRhQ==; 5:+jrtQm5e2nKhSIiVhHjthuua+p7xGve7Vo0iyH0vTK1F1u1nlwK7Z7YF9zici90v4ESIKZM4TmNLdBvW2lDp+AGQcC87FmxB1VQm8SiMtk6NtzSHu9Vid8xuZgAdIYarFVToSx7+37iZ2cuEb7+P/Q==; 24:9QQag6rZNSiYymBymfHHPQjLJ1SbSQ1fZufv3LfT2s149nyrNGyGfUDX9F3+q0mQIksOBdxhjtfrPay3+otf+IM8jqESN0g2KVHi9RaEzk0=; 7:2KgWYmRfu35kuoVJcegarIzhaWRU/kcD3SzfoGknmGDXoX3U+5Vq65FLQA/zfh1sy1aXnO8fs4RP7RWKBvTTD3FtXNbv+Kz1hUJFFIeoUt4QzW/pxgaXugVKVLHGPDDu2nqGy/2ZLCe5OkP/gtUMXgWeMPVIyPbV1vHfZSwJxpny/FGRF8fbKH/RrvYB6K65Bm/YDSUPaGzqJ2oMfpXyts1jqIW6xn5arY4QkEN3CrudqnE1d+RCjst3FIbqrn4U
x-microsoft-antispam: UriScan:(22321516928792); BCL:0; PCL:0; RULEID:; SRVR:CY4PR02MB2567;
x-microsoft-antispam-prvs: <CY4PR02MB25672D4BC028E895298050CCC3E70@CY4PR02MB2567.namprd02.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(201822940525970)(278428928389397)(166708455590820)(192374486261705);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(61425038)(6040176)(601004)(2401047)(5005006)(8121501046)(3002001)(10201501046)(6055026)(61426038)(61427038); SRVR:CY4PR02MB2567; BCL:0; PCL:0; RULEID:; SRVR:CY4PR02MB2567;
x-forefront-prvs: 00550ABE1F
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(7916002)(51444003)(189002)(199003)(97736004)(230783001)(82746002)(87936001)(83506001)(4001350100001)(5660300001)(122556002)(450100001)(5002640100001)(99286002)(83716003)(106116001)(106356001)(105586002)(189998001)(586003)(3846002)(6116002)(102836003)(86362001)(107886002)(110136002)(2906002)(7846002)(2900100001)(15975445007)(66066001)(7736002)(305945005)(81156014)(77096005)(10400500002)(10090500001)(92566002)(8936002)(8676002)(68736007)(81166006)(11100500001)(36756003)(229853001)(54356999)(50986999)(3280700002)(19580395003)(101416001)(3660700001)(19625735002)(33656002)(104396002); DIR:OUT; SFP:1101; SCL:1; SRVR:CY4PR02MB2567; H:CY4PR02MB2566.namprd02.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None (protection.outlook.com: adobe.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-ID: <B485335272A3D7419148D35B2326649C@namprd02.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: adobe.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Sep 2016 23:25:49.3770 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: fa7b1b5a-7b34-4387-94ae-d2c178decee1
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR02MB2567
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/yKbjLYUcxHHdj63PbrWbte12jBE>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 04 Sep 2016 23:25:55 -0000
This is my (personal) response to comments on draft-hardy-pdf-mime -02 and -03. I haven't had a chance to review all of these with all of the co-authors. There is a new -04 draft now. I'll send individual responses as requested with references to this discussion; I’m trying to reply to reviews by: S Moonesamy, Phillip Hallam-Baker, John Klensin, Kathleen Moriarty, Stephen Farrell, Dan Romascanu, Mirja Kuehlewind, Ben Campbell ======== History: I volunteered to help with draft-hansen-rfc-use-of-pdf; the history history of PDF wasn't right, and the registration in 3778 did need to reflect the ‘change controller’. This draft was started in the same github repo, until https://github.com/masinter/pdfrfc/commit/a7208154d541613ba66f59aab6e1507754fe26e4 I talked the ISO committee working on PDF 2 to take on owning the "fragment identifier" semantics; it wasn't part of the PDF 1.7 definition that got fast tracked, but it belonged with the PDF spec. (In general, those defining file formats and registering them need to be prodded into owning the "fragment identifier semantics".) I don't know of any other instance of an ISO committee defining a media type. The ISO committee wants to put the RFC number into the PDF 2 spec, while this spec wants to make normative reference to the (likely-to-be-approved-in-2017) PDF-2 spec. Note that application/pdf was FIRST registered in 1993 (23 years ago) by Paul Lindner for use in the gopher protocol. I was one of the GopherCon '93 attendees to urge him to do so (and TimBL to use content-type in HTTP/1.0). "application/pdf" was chosen before the introduction of the vnd. prefix. When the "standards tree" and "vendor tree" distinction was introduced, application/pdf was grandfathered rather than forced to application/vnd.adobe.pdf. It's only relatively recently that it now qualifies for "standards tree". Just to update the media type registry might not even be necessary. (The text/html registration was updated without an RFC to obsolete RFC 2854.) Does any of this history belong in the document? I didn't think so. ====== Editorial: The paragraph numbers are a feature of xml2rfc. I turned them off. Yes, the Introduction should say "It obsoletes [RFC3778]." and RFC3778 added to Informative references. ====== Interoperability considerations: I put in a reference to ISO 32000-1 Annex I "PDF Versions and Compatibility" talks about the use of version numbers and backward compatibility. http://wwwimages.adobe.com/content/dam/Adobe/en/devnet/pdf/pdfs/PDF32000_2008.pdf#page=735 There's a lengthier blog post/paper by Jim King: http://blogs.adobe.com/insidepdf/2009/08/pdf_evolution_and_compatibilit.html http://blogs.adobe.com/insidepdf/Compatibility_090819.pdf ... but it's older, Jim has retired and unlikely to update it, I don't know if the URL is stable (it's a blog, not an official document). Is it worth referencing? I thought not. ====== Security considerations: There were a lot of comments about Security Considerations. It's true that lots of RFC 3778's security considerations got replaced, here's the commit: https://github.com/mrbhardy/pdfmime/commit/76904f445bd35a472f759bc45a25d24f695d40f0 As I understood it, the feeling was that the previous text was wrong or misleading, that these days many formats allow scripting, and the techniques and reasons for sandboxing well known. Version -04 adds to the end of “Security Considerations”: PDF interpreters executing any scripts or programs related to these constructs must be extremely careful to insure that untrusted software is executed in a protected environment. PDF has been around a long time; a search for "PDF malware" turns up lots of hits. I too wish there were an ISO or other document that could be cited, but I haven't found one. Is it necessary to say more, in the MIME type registration? It might help to clarify who "Security Considerations" in MIME registrations are mainly for. Don't think of developers of PDF viewers/interpreters, think of system administrators, makers of firewalls, proxies. People who don't really care about PDF, who won't study the spec, just want to know what they should watch for, beyond the usual for every file type. Having a target audience might help. ======== (PH-B) MIME types should identify content which has scripts/macros: I wasn't sure if you meant the type itself, or that content should be labeled. I'm not sure how this applies to the application/pdf registration. In general, a label "I have no scripts" isn't helpul because bad guys can lie [RFC 3514]. You can refuse to run scripts, or run them with limited access. ===== Signatures add trust: > PDF also has a signature capability which is relevant. If the Macros are > signed by a trustworthy party, they are less of a concern than random > Macros. Is this true? malware that reproduces itself can't be signed and transmitted. ======= Subsets without scripting? > ... some of the subsets do not allow > embedded scripting. If that is correct, it should certainly be > mentioned. I mentioned it for PDF/A in passing, although it is not clear how this helps. A file could lie and say it was PDF/A but still have scripts. ================ Adobe PDF vs ISO specs > how the current ISO version of PDF compares to the Adobe version ISO 32000-1 was adopted using ISO Fast-Track process and is technically identical to Adobe Portable Document Format version 1.7. The Fast-Track process doesn't allow any technical changes; it was just rewritten in ISO-spec style. > If the difference is significant, then a new > media type, not reuse of an old one, is required. Even if it is > not that significant, it appears to me (as a co-author of RFC > 6838) that there is a strong case to be made for parameters that > identify versions and/or specific subsets to help applications > to identify viewers or processors that will not fail. The > authors may have good reasons to not include either parameter, > but it seems to me that the I-D should then explain why not. There are no technical differences between Adobe PDF 1.7 and ISO 32000-1:2008. I don't see a case for version or subset parameters in content-type headers here or most anywhere that backward and forward compatibility has been carefully planned. As with most living file formats, if you want to consume files using the latest features in their fullest, you want to have an up-to-date viewer; publishers can target earlier versions for wider applicability and reliability. I think that’s it. Thanks all for your reviews, Larry -- http://larry.masinter.net
- reply to comments on draft-hardy-pdf-mime Larry Masinter