W3C home > Mailing lists > Public > whatwg@whatwg.org > October 2012

[whatwg] FW: [[IANA #598702] Registration for text/cache-manifest media type]

From: Michael[tm] Smith <mike@w3.org>
Date: Mon, 22 Oct 2012 17:13:56 +0900
To: Ian Hickson <ian@hixie.ch>
Message-ID: <20121022081354.GR23069@sideshowbarker>
Cc: whatwg@whatwg.org
Hixie,

Comments from IANA on text/cache-manifest. (This is the last one for now.)

  --Mike

----- Forwarded message from Amanda Baber via RT <iana-mime@iana.org> -----

Subject: [IANA #598702] Registration for text/cache-manifest media type
From: Amanda Baber via RT <iana-mime@iana.org>
To: mike@w3.org
Date: Sun, 14 Oct 2012 07:21:43 +0000

Dear Michael,

The IESG-designated expert has reviewed your application and returned 
the inline comments below. Please reply to this email within 30 days 
(i.e. by 13 November) with a revised application. 

If you have any questions, please don't hesitate to contact us.

Best regards,

Amanda Baber
IANA Analyst
ICANN

===

> This is a request to register the text/cache-manifest media type by
> reference to the HTML5 specification:

> http://www.w3.org/TR/html5/iana.html#text-cache-manifest

>
---------------------------------------------------------------------------
> Type name:
> text

> Subtype name:
> cache-manifest

> Required parameters:
> No parameters

> Optional parameters:
> No parameters

> Encoding considerations:
> 8bit (always UTF-8)

> Security considerations:
> Cache manifests themselves pose no immediate risk unless sensitive
> information is included within the manifest. Implementations, however,
> are required to follow specific rules when populating a cache based on a
> cache manifest, to ensure that certain origin-based restrictions are
> honored. Failure to correctly implement these rules can result in
> information leakage, cross-site scripting attacks, and the like.

This is pretty good, but it would be better if this was a little more
specific. How about changing the first sentence to read:

 Cache manifests do not contain active or executable content and pose no
 immediate risk unless sensitive information is included within the
manifest.

It would also be helpful, but not required, to include something about
how manifests containing sensitive material should be handled.

> Interoperability considerations:
> Rules for processing both conforming and non-conforming content are
> defined in the HTML5 specification.

> Published specification:
> The HTML5 specification is the relevant specification.
> http://www.w3.org/TR/html5/iana.html#text-cache-manifest

This is a pointer to the registration. It needs to be replaced either
with one to the specification as a whole or to the section(s) where
cache-manifest is specified.

> Applications that use this media type:
> Web browsers.

> Additional information:
> Magic number(s):
> Cache manifests begin with the string "CACHE MANIFEST", followed by
> either a U+0020 SPACE character, a "tab" (U+0009) character, a "LF"
> (U+000A) character, or a "CR" (U+000D) character.

> File extension(s):
> "appcache"

> Macintosh file type code(s):
> No specific Macintosh file type codes are recommended for this type.

> Person & email address to contact for further information:
> Michael[tm] Smith <mike@w3.org>

> Intended usage:
> Common

> Restrictions on usage:
> No restrictions apply.

> Author:
> Ian Hickson <ian@hixie.ch>

> Change controller:
> W3C

> Fragment identifiers have no meaning with text/cache-manifest resources.
>
---------------------------------------------------------------------------

> --
> Michael[tm] Smith http://people.w3.org/mike


----- End forwarded message -----

-- 
Michael[tm] Smith http://people.w3.org/mike
Received on Monday, 22 October 2012 08:14:25 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 30 January 2013 18:48:11 GMT