[dropping IANA and duplicates from Ccs]
On Thu July 14 2005 02:49, Martin Duerst wrote:
I agree with that reviewer that the type should not contain
'+' characters except before 'xml'. All other subtypes have used '-'
as a separator. The '+' separator was specifically introduced to
express the fact that the '+xml' part is something more than
a simple subtype.
Neither the MIME specifications nor draft-freed-media-type-reg-04.txt
define any "separator" (other than '/' between type and subtype). The
syntax merely provides a set of acceptable characters. A subtype name
of "!#$&.+-^_" is perfectly acceptable and contains no "separator".
The draft does mention "+xml" as a suffix convention as documented in
RFC 3023. We need to bear in mind the difference between rules and
conventions, as well as the voluntary nature of RFC conformance.
Although there is probably nothing in RFC 3023 explicitly
disallowing the use of '+' for "arbitrary use", I think that
the whole rationale for '+xml' in Appendix A of RFC 3023
(in particular http://www.ietf.org/rfc/rfc3023.txt, A.12)
seem to indicate that it shouldn't be done.
3023 defines a convention (3023 term) using a suffix (also the 3023
term). There is nothing in the MIME specifications, the Freed draft,
or RFC 3023 that implies that '+' has any special status per se.
I believe this argument is not strong enough to prevent approval of the
application/xhtml+voice+xml media type:
I concur.
2. The argument for having "+" in the subtype is unconvincing, given that
the simplest method to determine if something is XML is also the safest,
that is, if the last four characters are "+xml" or "/xml" then the
document is XML, otherwise it is not.
I vehemently disagree. The name and the content are different things --
sometimes content is mislabeled. It is absolutely not "the safest" to
assume particular content based solely on the name. Reasonable security
practice dictates examination of the content itself. The practice of
assuming particular content based solely upon the name, coupled with
automatic execution, has led to the spread of many, probably most, MS
Windows "worms".