| Network Working Group | H. S. Thompson |
| Internet-Draft | University of Edinburgh |
| Obsoletes: 3023 (if approved) | C. Lilley |
| Updates: 6839 (if approved) | W3C |
| Intended status: Standards Track | November 04, 2013 |
| Expires: May 08, 2014 |
XML Media Types
draft-ietf-appsawg-xml-mediatypes-04
This specification standardizes three media types -- application/xml, application/xml-external-parsed-entity, and application/xml-dtd -- for use in exchanging network entities that are related to the Extensible Markup Language (XML) while defining text/xml and text/xml-external-parsed-entity as aliases for the respective application/ types. This specification also standardizes
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on May 08, 2014.
Copyright (c) 2013 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
The World Wide Web Consortium has issued the Extensible Markup Language (XML) 1.0 [XML] and Extensible Markup Language (XML) 1.1 [XML1.1] specifications. To enable the exchange of XML network entities, this specification standardizes three media types -- application/xml, application/xml-external-parsed-entity, and application/xml-dtd and two aliases -- text/xml and text/xml-external-parsed-entity, as well as a naming convention for identifying XML-based MIME media types (using '+xml').
XML has been used as a foundation for other media types, including types in every branch of the IETF media types tree. To facilitate the processing of such types, and in line with the recognition in [RFC6838] of structured syntax name suffixes, a suffix of '+xml' is described in Section 8. This will allow generic XML-based tools -- browsers, editors, search engines, and other processors -- to work with all XML-based media types.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this specification are to be interpreted as described in [RFC2119].
As defined in [RFC2781] (informative), the three
As sometimes happens between two communities, both MIME and XML have defined the term entity, with different meanings. Section 2.4 of [RFC2045] says:
Section 4 of [XML] says:
In this specification, "XML MIME entity" is defined as the latter (an XML entity) encapsulated in the former (a MIME entity).
Furthermore, XML provides for the naming and referencing of entities for purposes of inclusion and/or substitution. In this specification "XML-entity declaration/reference/..." is used to avoid confusion when referring to such cases.
Neither external DTD subsets nor external parameter entities parse as XML documents, and while some XML document entities may be used as external parsed entities and vice versa, there are many cases where the two are not interchangeable. XML also has unparsed entities, internal parsed entities, and internal parameter entities, but they are not XML MIME entities.
[RFC2376] or [RFC3023], this specification alters the charset handling of text/xml and text/xml-external-parsed-entity, treating them no differently from the respective application/ types
XML provides a general framework for defining sequences of structured data.
An XML document labeled as application/xml or text/xml, or with a '+xml' media type, might contain namespace declarations, stylesheet-linking processing instructions (PIs), schema information, or other declarations that might be used to suggest how the document is to be processed. For example, a document might have the XHTML namespace and a reference to a CSS stylesheet. Such a document might be handled by applications that would use this information to dispatch the document for appropriate processing.
text/xml is an alias for application/xml, as defined in Section 3.1 above.
text/xml-external-parsed-entity is an alias for application/xml-external-parsed-entity, as defined in Section 3.3 above.
Section 4.3.3 of [XML] specifies that XML MIME entities in the charset "utf-16" MUST begin with a byte order mark (BOM), which is a hexadecimal octet sequence 0xFE 0xFF (or 0xFF 0xFE, depending on endian). The XML Recommendation further states that the BOM is an encoding signature, and is not part of either the markup or the character data of the XML document.
Due to the presence of the BOM, applications that convert XML from "utf-16" to
In addition to the charset "utf-16", [RFC2781] introduces "utf-16le" (little endian) and "utf-16be" (big endian) as well. The BOM is prohibited for these
Uniform Resource Identifiers (URIs) [RFC3986]).
The syntax and semantics of fragment identifiers for the XML media types defined in this specification are based on the [XPointerFramework] W3C Recommendation. It allows simple names, and more complex constructions based on named schemes. When the syntax of a fragment identifier part of any URI or IRI with a retrieved media type governed by this specification conforms to the syntax specified in [XPointerFramework], [XPointerElement], but need not support other schemes.
If an XPointer error is reported in the attempt to process the part, this specification does not define an interpretation for the part.
A registry of XPointer schemes [XPtrReg] is maintained at the W3C. Document authors SHOULD NOT use unregistered schemes. Scheme authors SHOULD register their schemes
See Section 8.1 for additional
If [XPointerFramework] and [XPointerElement] are inappropriate for some XML-based media type, it SHOULD NOT follow the naming convention '+xml'.
When a URI has a fragment identifier, it is encoded by a limited subset of the repertoire of US-ASCII [ASCII] characters, as defined in [RFC3986].
Section 5.1 of [RFC3986] specifies that the semantics of a relative URI reference embedded in a MIME entity is dependent on the base URI. The base URI is [RFC3986] further specifies that the mechanism for embedding the base URI is dependent on the media type.
Note that the base URI
application/xml, application/xml-external-parsed-entity, and application/xml-dtd, text/xml and text/xml-external-parsed-entity are to be used with [XML][XML1.1].
The normative requirement of this specification upon XML[XML], section 4.3.3. Except for minor clarifications, that section is substantially identical from the first edition to the current (5th) edition of XML 1.0, and for XML 1.1
Specifications and recommendations based on or referring to this RFC SHOULD indicate any limitations on the particular versions
This section supersedes the earlier registration of the '+xml' suffix [RFC6839].
This specification recommends the use of a naming convention (a suffix of '+xml') for identifying XML-based [RFC6838] of structured syntax name suffixes. This allows the use of generic XML processors and technologies on a wide variety of different XML document types at a minimum cost, using existing frameworks for media type registration.
When a new media type is introduced for an XML-based format, the name of the media type SHOULD end with '+xml'
Media types following the naming convention '+xml' SHOULD introduce the charset parameter for consistency, since XML-generic processing applies the same program for any such media type. However, there are some cases that the charset parameter need not be introduced. For example:
XML generic processing is not always appropriate for XML-based media types. For example, authors of some such media types may wish that the types remain entirely opaque except to applications that are specifically designed to deal with that media type. By NOT following the naming convention '+xml', such media types can avoid XML-generic processing. Since generic processing will be useful in many cases, however -- including in some situations that are difficult to predict ahead of time --
The registration process for specific '+xml' media types is described in [RFC6838]
Registrations for new XML-based media types under top-level types SHOULD, in specifying the charset parameter and encoding considerations, define them as: "Same as [charset parameter / encoding considerations] of application/xml as specified in RFC XXXX."
These registrations SHOULD specify that the XML-based media type being registered has all of the security considerations described in RFC XXXX plus any additional considerations specific to that media type.
These registrations SHOULD also make reference to RFC XXXX in specifying magic numbers, base URIs, and use of the BOM.
These registrations MAY reference the application/xml registration in RFC XXXX in specifying interoperability considerations, if these considerations are not overridden by issues specific to that media type.
The examples below give the charset portion, if any, of the value of the MIME Content-type header and the XML declaration or Text declaration (which includes the encoding declaration) inside the XML MIME entity. For UTF-16 examples, the Byte Order Mark character
All the examples below apply to all five media types declared above in Section 3, as well as to any media types declared using the '+xml' conventionXML MIME entities table [xml_entities] for discussion of which types are appropriate for which varieties of XML MIME entities.
This section is non-normative. In particular, note that all
Content-type charset: charset="utf-8"
<?xml version="1.0" encoding="utf-8"?>
This is the recommended encoding for use with all the media types defined in this specification. Since the charset parameter is provided
If sent using a 7-bit transport (e.g. SMTP [RFC5321]), the XML MIME entity
Content-type charset: charset="utf-16"
{BOM}<?xml version="1.0" encoding="utf-16"?>
or
{BOM}<?xml version="1.0"?>
For application/... cases, if sent using a 7-bit transport (e.g. SMTP) or an 8-bit clean transport (e.g. 8BITMIME, ESMTP or NNTP), the XML MIME entity
As described in [RFC2781], the UTF-16 family [RFC2616] for details). Hence this example is only possible in text/... cases when the XML MIME entity is transmitted via HTTP or HTTPS, which use a MIME-like mechanism and are binary-clean protocols, hence do not perform CR and LF transformations and allow NUL octets. Since HTTP is binary clean, no content-transfer-encoding is necessary
Content-type charset: [none]
<?xml version="1.0" encoding="iso-8859-1"?>
Since the charset parameter is not provided in the Content-Type header
Content-type charset: [none]
{BOM}<?xml version="1.0" encoding="utf-16"?>
or
{BOM}<?xml version="1.0"?>
This example shows a 16-bit MIME entity with no charset parameter.
Omitting the charset parameter is discussion above [tx16]).
Content-type charset: [none]
<?xml version='1.0'?>
In this example, the charset parameter has been omitted, [XML] to determine the charset encoding of UTF-8. Although the XML MIME entity does not contain an encoding declaration, the encoding actually is UTF-8, so this is still a conforming XML MIME entity.
An XML-unaware MIME processor
See Section 9.1 for transport-related issues for UTF-8 XML MIME entities.
Content-type charset: charset="utf-16be"
<?xml version='1.0' encoding='utf-16be'?>
Observe that the BOM does not exist. Since the charset parameter is provided
See also the additional considerations in the UTF-16 example [utf16] above.
Content-type charset: charset="iso-2022-kr"
<?xml version="1.0" encoding="iso-2022-kr"?>
This example shows the use of a non-UTF charset (in this case Hangul, but this example is intended to cover all non-UTF-family
Since ISO-2022-KR [RFC1557] has been defined to use only 7 bits of data, no content-transfer-encoding is necessary with any transport: for Section 9.1, Section 9.2) would apply.
Content-type charset: [none]
<?xml version='1.0' encoding="iso-10646-ucs-4"?>
In this example, the charset parameter has been omitted, and there is no BOM. However, the XML MIME entity does have an encoding declaration inside the XML MIME entity that specifies the entity's charset. Following the requirements in section 4.3.3, and optionally applying the mechanism described in Appendix F (non-normative) of [XML], the XML processor determines the charset encoding of the XML MIME entity (in this example, UCS-4).
An XML-unaware MIME processor
For Section 9.1, Section 9.2) would apply
Content-type charset: charset="
<?xml version="1.0" encoding="
Processors generating XML MIME entities
As described in Section 8, this specification updates the [RFC6839] registration
XML MIME entities contain information which may be parsed and further processed by the recipient
In general, any information stored outside of the direct control of the user -- including CSS style sheets, XSL transformations, XML-entity declarations, and DTDs -- can be a source of insecurity, by either obvious or subtle means. For example, a tiny "whiteout attack" modification made to a "master" style sheet could make words in critical locations disappear in user documents, without directly modifying the user document or the stylesheet it references. Thus, the security of any XML document is vitally dependent on all of the documents recursively referenced by that document.
The XML-entity lists and DTDs for XHTML 1.0 [XHTML], for instance, are likely to be a commonly used set of information. Many developers will use and trust them, few of whom will know much about the level of security on the W3C's servers, or on any similarly trusted repository.
The simplest attack involves adding declarations that break validation. Adding extraneous declarations to a list of character XML-entities can effectively "break the contract" used by documents. A tiny change that produces a fatal error in a DTD could halt XML processing on a large scale. Extraneous declarations are fairly obvious, but more sophisticated tricks, like changing attributes from being optional to required, can be difficult to track down. Perhaps the most dangerous option available to
Apart from the structural possibilities, another option, "XML-entity spoofing," can be used to insert text into documents, vandalizing and perhaps conveying an unintended message. Because XML permits multiple XML-entity declarations, and the first declaration takes precedence, it is possible to insert malicious content where an XML-entity reference is used, such as by inserting the full text of Winnie the Pooh in
Security considerations will vary by domain of use. For example, XML medical records will have much more stringent privacy and security considerations than XML library metadata. Similarly, use of XML as a parameter marshalling syntax necessitates a case by case security review.
XML may also have some of the same security concerns as plain text. Like plain text, XML can contain escape sequences that, when displayed, have the potential to change the display processor environment in ways that adversely affect subsequent operations. Possible effects include, but are not limited to, locking the keyboard, changing display parameters so subsequent displayed text is unreadable, or even changing display parameters to deliberately obscure or distort subsequent displayed material so that its meaning is lost or altered. Display processors SHOULD either filter such material from displayed text or else make sure to reset all important settings after a given display operation is complete.
Some terminal devices have keys whose output, when pressed, can be changed by sending the display processor a character sequence. If this is possible the display of a text object containing such character sequences could reprogram keys to perform some illicit or dangerous action when the key is subsequently pressed by the user. In some cases not only can keys be programmed, they can be triggered remotely, making it possible for a text display operation to directly perform some unwanted action. As such, the ability to program keys SHOULD be blocked either by filtering or by disabling the ability to program keys entirely.
Note that it is also possible to construct XML documents that make use of what XML terms "[XML-]entity references" to construct repeated expansions of text. Recursive expansions are prohibited by [XML] and XML processors are required to detect them. However, even non-recursive expansions may cause problems with the finite computing resources of computers, if they are performed many times.
[RFC3023] contains a detailed discussion of the (at the time) novel use of a suffix, a practice which has since become widespread. Interested parties are referred to [RFC3023], Appendix A.
There are numerous and significant differences between this specification and [RFC3023], which it obsoletes. This appendix summarizes the major differences only.
First, XPointer ([XPointerFramework] and [XPointerElement]) has been added as fragment identifier syntax for "application/xml", and the XPointer Registry ([XPtrReg]) mentioned. Second, [XMLBase] has been added as a mechanism for specifying base URIs. Third, the language regarding Internet Media Type registration, consistency of use [TAGMIME]. Fourth, many references are updated, and the existence
This specification reflects the input of numerous participants to the ietf-xml-mime@imc.org
Mark Baker, James Clark, Dan Connolly, Martin Duerst, Ned Freed, Yaron Goland,
Jim Whitehead and Simon St.Laurent were editors of [RFC2376] and [RFC3023], respectively.