ietf-xml-mime
[Top] [All Lists]

Re: Registration of media typeimage/svg+xml

2010-11-18 16:25:52

On Thursday, November 18, 2010, 10:26:51 PM, Ned wrote:

On 18.11.2010 21:01, Chris Lilley wrote:
 read BCP 13, RFC 4288 section 4.6 "Security requirements" where you will find

       A media type that employs compression may provide an opportunity
       for sending a small amount of data that, when received and
       evaluated, expands enormously to consume all of the recipient's
       resources.  All media types SHOULD state whether or not they
       employ compression, and if they do they should discuss
       what  steps need to be taken to avoid such attacks.

NF> Read the section again. It is clearly talking about media types that employ
NF> compression *internally*, not compression done at other layers.

NF> Any media type can, and often is, compressed at other layers. Discussion
NF> of such actions has no business being in any particular media type
NF> registration.

OK. 

NF> If, however, the answer is never - and I'm pretty sure it is - then all 
mention
NF> of compression needs to be dropped from this registration, as it is doing
NF> nothing useful and is just making things unclear. At most you might want a 
note
NF> about it in the encoding consideration sections saying external compression 
is
NF> often used with this type. Again, lots of media types are compressed at 
other
NF> layers; this has nothing to do with the image/svg+xml media type 
specifically.

In that case I can remove the section.

Julian, does that satisfy your concern as well?


-- 
 Chris Lilley   Technical Director, Interaction Domain                 
 W3C Graphics Activity Lead, Fonts Activity Lead
 Co-Chair, W3C Hypertext CG
 Member, CSS, WebFonts, SVG Working Groups