<hat="individual">
For me the point is, currently we have a table in the document, which
inside an RFC is rather static and hard to extend.
So it looks like a good case for a registry to allow for extendibility
for new mime-types. (e.g. we keep the table in the document, create an
IANA registry, copy the values to the registry and allow for future
entries by expert review)
That can either be added to the current Mime-type registry, or we create
a new one (e.g. within the websec namespace) with only these elements.
Just my 5cents.
Tobias
On 25/10/11 05:23, Adam Barth wrote:
On Mon, Oct 24, 2011 at 9:07 PM, "Martin J. Dürst"
<[email protected]> wrote:
On 2011/10/25 11:21, Adam Barth wrote:
http://trac.tools.ietf.org/wg/websec/trac/ticket/17 refers to an IANA
registry with magic numbers for various media types. I wanted to
compare them to what's in the draft, but I couldn't find it. I found
the media type registry, e.g., for images:
http://www.iana.org/assignments/media-types/image/index.html
but I don't see any magic numbers. Would someone be willing to point
me in the right direction?
They are in the templates. To get the template for a registration, start at
the overview page (http://www.iana.org/assignments/media-types/index.html).
Then go to the page that lists all the registration for a give top level,
e.g. http://www.iana.org/assignments/media-types/image/index.html for
images.
Then look at each registration template (click on the link in the left
column, or in the right column if the left one doesn't have a link and the
right one is to an RFC). You may then find a magic number in the
registration template. As an example, for image/jp2, the template is at
http://www.iana.org/assignments/media-types/image/jp2.
But it looks like earlier templates didn't have a field for a magic number,
and this and the reasons Anne gave make this information helpful for
cross-checking, but not much more.
== Images ==
PNG has a registration template
<http://www.iana.org/assignments/media-types/image/png>, but lacks a
signature.
JPEG doesn't have a template.
GIF doesn't have a template.
BMP isn't even registered.
WEBP isn't even registered.
ICO has a registration template
<http://www.iana.org/assignments/media-types/image/vnd.microsoft.icon>
and has the correct signature. Yay!
== Text ==
HTML lacks a registration template.
== Application ==
PDF doesn't have a template.
Postscript doesn't have a template.
OGG doesn't have a template.
RAR isn't even registered.
ZIP has a registration template
<http://www.iana.org/assignments/media-types/application/zip>, but
lacks a signature.
GZIP isn't even registered.
RSS isn't even registered.
Atom lacks a registration template.
== Audio ==
WAV isn't even registered.
== Video ==
MP4 lacks a registration template.
WebM isn't even registered.
This does not look like a promising approach. Note: I haven't even
looked through all the registrations to see how many have signatures
that we shouldn't be using.
Adam
_______________________________________________
websec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/websec
_______________________________________________
websec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/websec
