- From: Michael[tm] Smith <mike@w3.org>
- Date: Mon, 22 Oct 2012 17:13:56 +0900
- To: Ian Hickson <ian@hixie.ch>
- Cc: whatwg@whatwg.org
Hixie, Comments from IANA on text/cache-manifest. (This is the last one for now.) --Mike ----- Forwarded message from Amanda Baber via RT <iana-mime@iana.org> ----- Subject: [IANA #598702] Registration for text/cache-manifest media type From: Amanda Baber via RT <iana-mime@iana.org> To: mike@w3.org Date: Sun, 14 Oct 2012 07:21:43 +0000 Dear Michael, The IESG-designated expert has reviewed your application and returned the inline comments below. Please reply to this email within 30 days (i.e. by 13 November) with a revised application. If you have any questions, please don't hesitate to contact us. Best regards, Amanda Baber IANA Analyst ICANN === > This is a request to register the text/cache-manifest media type by > reference to the HTML5 specification: > http://www.w3.org/TR/html5/iana.html#text-cache-manifest > --------------------------------------------------------------------------- > Type name: > text > Subtype name: > cache-manifest > Required parameters: > No parameters > Optional parameters: > No parameters > Encoding considerations: > 8bit (always UTF-8) > Security considerations: > Cache manifests themselves pose no immediate risk unless sensitive > information is included within the manifest. Implementations, however, > are required to follow specific rules when populating a cache based on a > cache manifest, to ensure that certain origin-based restrictions are > honored. Failure to correctly implement these rules can result in > information leakage, cross-site scripting attacks, and the like. This is pretty good, but it would be better if this was a little more specific. How about changing the first sentence to read: Cache manifests do not contain active or executable content and pose no immediate risk unless sensitive information is included within the manifest. It would also be helpful, but not required, to include something about how manifests containing sensitive material should be handled. > Interoperability considerations: > Rules for processing both conforming and non-conforming content are > defined in the HTML5 specification. > Published specification: > The HTML5 specification is the relevant specification. > http://www.w3.org/TR/html5/iana.html#text-cache-manifest This is a pointer to the registration. It needs to be replaced either with one to the specification as a whole or to the section(s) where cache-manifest is specified. > Applications that use this media type: > Web browsers. > Additional information: > Magic number(s): > Cache manifests begin with the string "CACHE MANIFEST", followed by > either a U+0020 SPACE character, a "tab" (U+0009) character, a "LF" > (U+000A) character, or a "CR" (U+000D) character. > File extension(s): > "appcache" > Macintosh file type code(s): > No specific Macintosh file type codes are recommended for this type. > Person & email address to contact for further information: > Michael[tm] Smith <mike@w3.org> > Intended usage: > Common > Restrictions on usage: > No restrictions apply. > Author: > Ian Hickson <ian@hixie.ch> > Change controller: > W3C > Fragment identifiers have no meaning with text/cache-manifest resources. > --------------------------------------------------------------------------- > -- > Michael[tm] Smith http://people.w3.org/mike ----- End forwarded message ----- -- Michael[tm] Smith http://people.w3.org/mike
Received on Monday, 22 October 2012 08:14:25 UTC