The application/pdf Media Type
draft-hardy-pdf-mime-05
Revision differences
Document history
Date | Rev. | By | Action |
---|---|---|---|
2017-03-10
|
05 | (System) | RFC Editor state changed to AUTH48-DONE from AUTH48 |
2017-03-02
|
05 | (System) | RFC Editor state changed to AUTH48 from RFC-EDITOR |
2017-03-01
|
05 | (System) | RFC Editor state changed to RFC-EDITOR from EDIT |
2017-02-28
|
05 | (System) | IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor |
2017-02-28
|
05 | (System) | IANA Action state changed to Waiting on RFC Editor from Waiting on Authors |
2017-02-27
|
05 | (System) | IANA Action state changed to Waiting on Authors from In Progress |
2017-02-27
|
05 | (System) | RFC Editor state changed to EDIT |
2017-02-27
|
05 | (System) | IESG state changed to RFC Ed Queue from Approved-announcement sent |
2017-02-27
|
05 | (System) | Announcement was received by RFC Editor |
2017-02-27
|
05 | (System) | IANA Action state changed to In Progress |
2017-02-27
|
05 | Amy Vezza | IESG state changed to Approved-announcement sent from IESG Evaluation::AD Followup |
2017-02-27
|
05 | Amy Vezza | IESG has approved the document |
2017-02-27
|
05 | Amy Vezza | Closed "Approve" ballot |
2017-02-27
|
05 | Amy Vezza | Ballot approval text was generated |
2017-02-27
|
05 | Alexey Melnikov | RFC Editor Note was cleared |
2017-02-27
|
05 | Alexey Melnikov | Ballot writeup was changed |
2017-02-27
|
05 | Stephen Farrell | [Ballot comment] Thanks for handling my discuss point. I think the security considerations text now seems sufficient. Though I would still encourage adding some more … [Ballot comment] Thanks for handling my discuss point. I think the security considerations text now seems sufficient. Though I would still encourage adding some more references if possible, but that's a non-blocking comment, so no need to do anything if you think it's right as-is. OLD COMMENT text below, still happy to chat about it if that's useful. My old comment and discuss point-2 below. I think Larry answered opint-2 well enough in [2]. I'd suggest adding a reference to [3] would be useful as well. [3] http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.174.2980&rep=rep1&type=pdf (2) section 6: It's a pity there's no ISO document to reference in this section as PDF files have been the vector for various threats over the years. Can't you find some reference (from ISO or not) that a viewer or author developer would find helpful? That section seems pretty vague to me as-is. (In particular the last clause of the last sentence in this section is not useful.) And I see from the discussion of the secdir review ([1], did any authors respond to that? If so I didn't see it, sorry). The discuss point here is that we seem to have less good security considerations compared with RFC3778, and I think that ought be justified if it's the right thing to do. (Not necessarily in the document if that's not correct, but at least as part of the record, e.g. in response to this.) [1] https://www.ietf.org/mail-archive/web/secdir/current/msg06674.html comments - section 4: why no reference for PDF/A? I'd have thought that was the most important one for which a good reference is needed? The referred document is [ISOPDFA] in 8.2 so I guess this is just an editing glitch. |
2017-02-27
|
05 | Stephen Farrell | [Ballot Position Update] Position for Stephen Farrell has been changed to No Objection from Discuss |
2017-02-26
|
05 | Alexey Melnikov | IESG state changed to IESG Evaluation::AD Followup from IESG Evaluation::Revised I-D Needed |
2017-02-24
|
05 | Alexey Melnikov | IESG state changed to IESG Evaluation::Revised I-D Needed from IESG Evaluation::AD Followup |
2017-02-23
|
05 | (System) | Sub state has been changed to AD Followup from Revised ID Needed |
2017-02-23
|
05 | Larry Masinter | New version available: draft-hardy-pdf-mime-05.txt |
2017-02-23
|
05 | (System) | New version approved |
2017-02-23
|
05 | (System) | Request for posting confirmation emailed to previous authors: Duff Johnson , Dejan Markovic , Larry Masinter , Matthew Hardy , Martin Bailey |
2017-02-23
|
05 | Larry Masinter | Uploaded new revision |
2016-10-15
|
04 | Alexey Melnikov | IESG state changed to IESG Evaluation::Revised I-D Needed from IESG Evaluation::AD Followup |
2016-09-05
|
04 | Stephen Farrell | [Ballot discuss] I have one remaining thing I'd like to discuss about this draft that I don't think was answered in Larry's earlier response. [2] … [Ballot discuss] I have one remaining thing I'd like to discuss about this draft that I don't think was answered in Larry's earlier response. [2] [2] https://mailarchive.ietf.org/arch/msg/ietf/yKbjLYUcxHHdj63PbrWbte12jBE (1) section 3: Are there any potential security issues with namedest as a parameter? E.g. has any PDF reader or MIME handler followed an absolute URL for the value there perhaps? If so, is there a warning it'd be useful to give? Are there any other similarly known potential vulnerabilities for other parameters? (Maybe fdf or ef?) (This is also related to discuss-point-2 below) I don't think this was answered in [2]. To try rephrase it: "What (if any) security considerations text is needed about the parameters of application/pdf?" |
2016-09-05
|
04 | Stephen Farrell | [Ballot comment] My old comment and discuss point-2 below. I think Larry answered opint-2 well enough in [2]. I'd suggest adding a reference to [3] … [Ballot comment] My old comment and discuss point-2 below. I think Larry answered opint-2 well enough in [2]. I'd suggest adding a reference to [3] would be useful as well. [3] http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.174.2980&rep=rep1&type=pdf (2) section 6: It's a pity there's no ISO document to reference in this section as PDF files have been the vector for various threats over the years. Can't you find some reference (from ISO or not) that a viewer or author developer would find helpful? That section seems pretty vague to me as-is. (In particular the last clause of the last sentence in this section is not useful.) And I see from the discussion of the secdir review ([1], did any authors respond to that? If so I didn't see it, sorry). The discuss point here is that we seem to have less good security considerations compared with RFC3778, and I think that ought be justified if it's the right thing to do. (Not necessarily in the document if that's not correct, but at least as part of the record, e.g. in response to this.) [1] https://www.ietf.org/mail-archive/web/secdir/current/msg06674.html comments - section 4: why no reference for PDF/A? I'd have thought that was the most important one for which a good reference is needed? The referred document is [ISOPDFA] in 8.2 so I guess this is just an editing glitch. |
2016-09-05
|
04 | Stephen Farrell | Ballot comment and discuss text updated for Stephen Farrell |
2016-09-04
|
04 | (System) | Sub state has been changed to AD Followup from Revised ID Needed |
2016-09-04
|
04 | Larry Masinter | IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed |
2016-09-04
|
04 | Larry Masinter | New version available: draft-hardy-pdf-mime-04.txt |
2016-09-01
|
03 | Cindy Morgan | IESG state changed to IESG Evaluation::Revised I-D Needed from IESG Evaluation |
2016-09-01
|
03 | Alexey Melnikov | RFC Editor Note was changed |
2016-09-01
|
03 | Alexey Melnikov | RFC Editor Note for ballot was generated |
2016-09-01
|
03 | Alexey Melnikov | RFC Editor Note for ballot was generated |
2016-09-01
|
03 | Jari Arkko | [Ballot Position Update] New position, No Objection, has been recorded for Jari Arkko |
2016-09-01
|
03 | Benoît Claise | [Ballot Position Update] New position, No Objection, has been recorded for Benoit Claise |
2016-08-31
|
03 | Joel Jaeggli | [Ballot Position Update] New position, No Objection, has been recorded for Joel Jaeggli |
2016-08-31
|
03 | Ben Campbell | [Ballot comment] I agree with all the security comments. I also agree with Suresh that the paragraph numbers are distracting. While they may be useful … [Ballot comment] I agree with all the security comments. I also agree with Suresh that the paragraph numbers are distracting. While they may be useful in the review process, they will distract readers down the road. |
2016-08-31
|
03 | Ben Campbell | [Ballot Position Update] New position, No Objection, has been recorded for Ben Campbell |
2016-08-31
|
03 | Alvaro Retana | [Ballot Position Update] New position, No Objection, has been recorded for Alvaro Retana |
2016-08-31
|
03 | Alissa Cooper | [Ballot comment] Agree with others' comments about the security considerations. |
2016-08-31
|
03 | Alissa Cooper | [Ballot Position Update] New position, No Objection, has been recorded for Alissa Cooper |
2016-08-31
|
03 | Dan Romascanu | Request for Telechat review by GENART Completed: Ready. Reviewer: Dan Romascanu. |
2016-08-31
|
03 | Mirja Kühlewind | [Ballot comment] I agree with others that the security section doesn't provide much: it neither describes how attacks could look like, nor how to handle … [Ballot comment] I agree with others that the security section doesn't provide much: it neither describes how attacks could look like, nor how to handle them concretely. However, it also not clear to me if this is the right document to discuss these things or if a different doc would be needed. |
2016-08-31
|
03 | Mirja Kühlewind | [Ballot Position Update] New position, No Objection, has been recorded for Mirja Kühlewind |
2016-08-30
|
03 | Suresh Krishnan | [Ballot comment] Why are there "" paragraph numbers in this document? They feel distracting. |
2016-08-30
|
03 | Suresh Krishnan | [Ballot Position Update] New position, No Objection, has been recorded for Suresh Krishnan |
2016-08-30
|
03 | Terry Manderson | [Ballot Position Update] New position, No Objection, has been recorded for Terry Manderson |
2016-08-30
|
03 | Stephen Farrell | [Ballot discuss] I have two things I'd like to discuss about this draft: (1) section 3: Are there any potential security issues with namedest as … [Ballot discuss] I have two things I'd like to discuss about this draft: (1) section 3: Are there any potential security issues with namedest as a parameter? E.g. has any PDF reader or MIME handler followed an absolute URL for the value there perhaps? If so, is there a warning it'd be useful to give? Are there any other similarly known potential vulnerabilities for other parameters? (Maybe fdf or ef?) (This is also related to discuss-point-2 below) (2) section 6: It's a pity there's no ISO document to reference in this section as PDF files have been the vector for various threats over the years. Can't you find some reference (from ISO or not) that a viewer or author developer would find helpful? That section seems pretty vague to me as-is. (In particular the last clause of the last sentence in this section is not useful.) And I see from the discussion of the secdir review ([1], did any authors respond to that? If so I didn't see it, sorry). The discuss point here is that we seem to have less good security considerations compared with RFC3778, and I think that ought be justified if it's the right thing to do. (Not necessarily in the document if that's not correct, but at least as part of the record, e.g. in response to this.) [1] https://www.ietf.org/mail-archive/web/secdir/current/msg06674.html comments |
2016-08-30
|
03 | Stephen Farrell | [Ballot comment] - section 4: why no reference for PDF/A? I'd have thought that was the most important one for which a good reference is … [Ballot comment] - section 4: why no reference for PDF/A? I'd have thought that was the most important one for which a good reference is needed? The referred document is [ISOPDFA] in 8.2 so I guess this is just an editing glitch. |
2016-08-30
|
03 | Stephen Farrell | [Ballot Position Update] New position, Discuss, has been recorded for Stephen Farrell |
2016-08-30
|
03 | Kathleen Moriarty | [Ballot Position Update] Position for Kathleen Moriarty has been changed to No Objection from No Record |
2016-08-30
|
03 | Kathleen Moriarty | [Ballot comment] In the Security considerations, the text starts off saying: The PDF file format allows several constructs which may compromise security if … [Ballot comment] In the Security considerations, the text starts off saying: The PDF file format allows several constructs which may compromise security if handled inadequately by PDF processors. Shouldn't this go a step further to also include the consideration that the feature could be exploited by an attacker? I don't see how it is enough for the processor to handle all possible exploits. If I am wrong, please explain. |
2016-08-30
|
03 | Kathleen Moriarty | Ballot comment text updated for Kathleen Moriarty |
2016-08-30
|
03 | Deborah Brungard | [Ballot Position Update] New position, No Objection, has been recorded for Deborah Brungard |
2016-08-29
|
03 | Spencer Dawkins | [Ballot Position Update] New position, No Objection, has been recorded for Spencer Dawkins |
2016-08-25
|
03 | Jean Mahoney | Request for Telechat review by GENART is assigned to Dan Romascanu |
2016-08-25
|
03 | Jean Mahoney | Request for Telechat review by GENART is assigned to Dan Romascanu |
2016-08-11
|
03 | Alexey Melnikov | Telechat date has been changed to 2016-09-01 from 2016-08-18 |
2016-08-10
|
03 | (System) | IANA Review state changed to IANA OK - Actions Needed from Version Changed - Review Needed |
2016-08-04
|
03 | Alexey Melnikov | IESG state changed to IESG Evaluation from IESG Evaluation::Revised I-D Needed |
2016-08-04
|
03 | Alexey Melnikov | [Ballot comment] A reply to SecDir review is needed from editors. |
2016-08-04
|
03 | Alexey Melnikov | Ballot comment text updated for Alexey Melnikov |
2016-08-04
|
03 | Alexey Melnikov | Ballot has been issued |
2016-08-04
|
03 | Alexey Melnikov | [Ballot Position Update] New position, Yes, has been recorded for Alexey Melnikov |
2016-08-04
|
03 | Alexey Melnikov | Created "Approve" ballot |
2016-08-04
|
03 | Alexey Melnikov | Ballot writeup was changed |
2016-08-04
|
03 | Alexey Melnikov | Authors promised me another revision. |
2016-08-04
|
03 | Alexey Melnikov | IESG state changed to IESG Evaluation::Revised I-D Needed from Waiting for Writeup |
2016-08-01
|
03 | Gunter Van de Velde | Request for Last Call review by OPSDIR Completed: Ready. Reviewer: Rick Casarez. |
2016-07-21
|
03 | Alexey Melnikov | Changed consensus to Yes from Unknown |
2016-07-21
|
03 | Alexey Melnikov | Placed on agenda for telechat - 2016-08-18 |
2016-07-21
|
03 | (System) | IESG state changed to Waiting for Writeup from In Last Call |
2016-07-19
|
03 | Larry Masinter | IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed |
2016-07-19
|
03 | Larry Masinter | New version available: draft-hardy-pdf-mime-03.txt |
2016-07-18
|
02 | (System) | IANA Review state changed to IANA OK - Actions Needed from IANA - Review Needed |
2016-07-18
|
02 | Sabrina Tanamal | (Via drafts-lastcall-comment@iana.org): IESG/Authors/WG Chairs: IANA has completed its review of draft-hardy-pdf-mime-02.txt. If any part of this review is inaccurate, please let us know. IANA … (Via drafts-lastcall-comment@iana.org): IESG/Authors/WG Chairs: IANA has completed its review of draft-hardy-pdf-mime-02.txt. If any part of this review is inaccurate, please let us know. IANA understands that, upon approval of this document, there is a single action which IANA must complete. In the application media types subregistry of the Media Types registry located at: https://www.iana.org/assignments/media-types/ the existing registration will be updated with the information in Section 7 of the current document and the reference will be changed to [ RFC-to-be ]. IANA understands that this is the only action required to be completed upon approval of this document. Note: The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is only to confirm what actions will be performed. Thank you, Sabrina Tanamal IANA Specialist ICANN |
2016-07-15
|
02 | Dan Romascanu | Request for Last Call review by GENART Completed: Ready. Reviewer: Dan Romascanu. |
2016-07-14
|
02 | Tero Kivinen | Request for Last Call review by SECDIR Completed: Has Issues. Reviewer: Phillip Hallam-Baker. |
2016-06-29
|
02 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Rick Casarez |
2016-06-29
|
02 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Rick Casarez |
2016-06-23
|
02 | Jean Mahoney | Request for Last Call review by GENART is assigned to Dan Romascanu |
2016-06-23
|
02 | Jean Mahoney | Request for Last Call review by GENART is assigned to Dan Romascanu |
2016-06-23
|
02 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Phillip Hallam-Baker |
2016-06-23
|
02 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Phillip Hallam-Baker |
2016-06-23
|
02 | Amy Vezza | IANA Review state changed to IANA - Review Needed |
2016-06-23
|
02 | Amy Vezza | The following Last Call announcement was sent out: From: The IESG To: "IETF-Announce" CC: alexey.melnikov@isode.com, draft-hardy-pdf-mime@ietf.org Reply-To: ietf@ietf.org Sender: Subject: Last Call: (The application/pdf … The following Last Call announcement was sent out: From: The IESG To: "IETF-Announce" CC: alexey.melnikov@isode.com, draft-hardy-pdf-mime@ietf.org Reply-To: ietf@ietf.org Sender: Subject: Last Call: (The application/pdf Media Type) to Informational RFC The IESG has received a request from an individual submitter to consider the following document: - 'The application/pdf Media Type' as Informational RFC The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2016-07-21. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract <1> The Portable Document Format (PDF) is an ISO standard (ISO 32000-1:2008) defining a final-form document representation language in use for document exchange, including on the Internet, since 1993. This document provides an overview of the PDF format and updates the media type registration of "application/pdf". The file can be obtained via https://datatracker.ietf.org/doc/draft-hardy-pdf-mime/ IESG discussion can be tracked via https://datatracker.ietf.org/doc/draft-hardy-pdf-mime/ballot/ No IPR declarations have been submitted directly on this I-D. |
2016-06-23
|
02 | Amy Vezza | IESG state changed to In Last Call from Last Call Requested |
2016-06-23
|
02 | Alexey Melnikov | Last call was requested |
2016-06-23
|
02 | Alexey Melnikov | Last call announcement was generated |
2016-06-23
|
02 | Alexey Melnikov | Ballot approval text was generated |
2016-06-23
|
02 | Alexey Melnikov | Ballot writeup was generated |
2016-06-23
|
02 | Alexey Melnikov | IESG state changed to Last Call Requested from AD Evaluation |
2016-06-23
|
02 | Alexey Melnikov | IESG state changed to AD Evaluation from Publication Requested |
2016-06-23
|
02 | Alexey Melnikov | IESG state changed to Publication Requested from AD is watching::AD Followup |
2016-06-08
|
02 | Alexey Melnikov | My AD review comments were addressed in the latest version. |
2016-06-06
|
02 | (System) | Sub state has been changed to AD Followup from Revised ID Needed |
2016-06-06
|
02 | Larry Masinter | New version available: draft-hardy-pdf-mime-02.txt |
2016-05-13
|
01 | Alexey Melnikov | My AD review: Need to split references into Normative and Informative. What is "the default user space coordinate system"? (Are coordinate values in fragments measured … My AD review: Need to split references into Normative and Informative. What is "the default user space coordinate system"? (Are coordinate values in fragments measured in what?) Where are FDF files defined? Does mentioning of JavaScript and XObject need Informative References? In the media type registration template: Author/change controller: please clarify the text that 2 people listed are not change controllers, but authors/editors. E.g. XXX and YYY are authors. ISO ... is the change controller. The media type registration template has 2 separate fields, so the easiest way to fix this issue is to split them. |
2016-05-13
|
01 | Alexey Melnikov | IESG state changed to AD is watching::Revised I-D Needed from AD is watching |
2016-04-10
|
01 | Alexey Melnikov | IESG process started in state AD is watching |
2016-04-08
|
01 | Alexey Melnikov | Intended Status changed to Informational from None |
2016-04-08
|
01 | Alexey Melnikov | Stream changed to IETF from None |
2016-04-08
|
01 | Alexey Melnikov | Shepherding AD changed to Alexey Melnikov |
2016-04-07
|
01 | Larry Masinter | New version available: draft-hardy-pdf-mime-01.txt |
2014-07-21
|
00 | Larry Masinter | New version available: draft-hardy-pdf-mime-00.txt |