Network Working Group C. Lilley Internet-Draft W3C Intended status: Standards Track October 25, 2016 Expires: April 28, 2017 The font Top Level Type draft-ietf-justfont-toplevel-03 Abstract This memo serves to register and document the "font" Top Level Type, under which the Internet Media subtypes for representation formats for fonts may be registered. This document also serves as a registration application for a set of intended subtypes, which are representative of some existing subtypes already in use, and currently registered under the "application" tree by their separate registrations. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on April 28, 2017. Copyright Notice Copyright (c) 2016 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of Lilley Expires April 28, 2017 [Page 1] Internet-Draft The font Top Level Type October 2016 the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. 1. Specification development This section is non-normative. The source for this specification is maintained on GitHub [1]. The issues list [2] is also on GitHub. Discussion should be on the mailing list justfont@ietf.org [3]. 2. Introduction The process of setting type in computer systems and other forms of text presentation systems uses fonts in order to provide visual representations of the glyphs. Just as with images, for example, there are a number of ways to represent the visual information of the glyphs. Early font formats often used bitmaps, as these could have been carefully tuned for maximum readability at a given size on low- resolution displays. More recently, scalable vector outline fonts have come into widespread use: in these fonts, the outlines of the glyphs are described, and the presentation system renders the outline in the desired position and size. This document defines a new top-level Internet Media Type "font" according to Section 4.2.7 of [RFC6838]. This top-level type indicates that the content specifies font data. Under this top-level type, different representation formats of fonts may be registered (e.g. bitmap or outline formats). The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119]. 3. Background and Justification Historically there has not been a registration of formats for fonts. More recently, there have been several representation formats registered as MIME subtypes under the "application" top-level type (for example, application/font-woff). However, with the rapid adoption of web fonts (based on the data from HTTP Archive [HTTP-Archive-Trends] showing a huge increase in web font usage from 1% in the end of 2010 to 50% across all sites in the beginning of 2015) custom fonts on the web have become a core web resource. As the in-depth analysis [Font-Media-Type-Analysis] shows, the lack of the intuitive top-level font type is causing significant confusion among developers - while currently defined font subtypes are severely under-utilized there are many more sites that already use non- existent (but highly intuitive) media types such as "font/woff", "font/ttf" and "font/truetype". At the same time, the majority of Lilley Expires April 28, 2017 [Page 2] Internet-Draft The font Top Level Type October 2016 sites resort to using generic types such as "application/octet- stream", "text/plain" and "text/html"; or use unregistrable types such as "application/x-font-ttf". Contrary to the expectations of the W3C WebFonts Working Group which developed WOFF, the officially defined IANA subtypes such as "application/font-woff" and "application/font-sfnt" see a very limited use - their adoption rates trail far behind as the actual use of web fonts continues to increase. The members of the W3C WebFonts WG concluded that the use of "application" top-level type is not ideal. First, the "application" sub-tree is treated (correctly) with great caution with respect to viruses and other active code. Secondly, the lack of a top-level type means that there is no opportunity to have a common set of optional attributes, such as are specified here. Third, fonts have a unique set of licensing and usage restrictions, which makes it worthwhile to identify this general category with a unique top-level type. The W3C WebFonts WG decided that the situation can be significantly improved if a set of font media types is registered using "font" as a dedicated top-level type. Based on the data analysis presented above, we conclude that it is the presence of simple and highly intuitive media types for images that caused the widespread adoption of IANA's recommendations, where the correct usage of existing media types reaches over 97% for all subtypes in the "image" tree. The WG considers that, considering a rapid adoption of fonts on the web, the registration of the top-level media type for fonts along with the intuitive set of subtypes that reflect popular and widely used data formats would further stimulate the adoption of web fonts, significantly simplify web server configuration process and facilitate the proper use of IANA media type recommendations. 4. Security considerations Fonts are interpreted data structures that represent collections of different tables containing data that represent different types of information, including glyph outlines in various formats, hinting instructions, metrics and layout information for multiple languages and writing systems, rules for glyph substitution and positioning, etc. Depending on the format used to represent the glyph data the font may contain TrueType [truetype-wiki], PostScript [postscript-wiki] or SVG [svg-wiki] outlines and their respective hint instructions, where applicable. There are many existing, already standardized font table tags and formats that allow an unspecified number of entries containing predefined data fields for storage of variable length binary data. Many existing (TrueType, OpenType [opentype-wiki] and OFF, SIL Graphite, WOFF, etc.) font formats are based on the table-based SFNT (scalable font) format Lilley Expires April 28, 2017 [Page 3] Internet-Draft The font Top Level Type October 2016 which is extremely flexible, highly extensible and offers an opportunity to introduce additional table structures when needed, in a way that would not affect existing font rendering engines and text layout implementations. However, this very extensibility may present specific security concerns - the flexibility and ease of adding new data structures makes it easy for any arbitrary data to be hidden inside a font file. There is a significant risk that the flexibility of font data structures may be exploited to hide malicious binary content disguised as a font data component. Fonts may contain 'hints', which are programmatic instructions that are executed by the font engine for the alignment of graphical elements of glyph outlines with the target display pixel grid. Depending on the font technology utilized in the creation of a font these hints may represent active code interpreted and executed by the font rasterizer. Even though hints operate within the confines of the glyph outline conversion system and have no access outside the font rendering engine, hint instructions can be, however, quite complex, and a maliciously designed complex font could cause undue resource consumption (e.g. memory or CPU cycles) on a machine interpreting it. Indeed, fonts are sufficiently complex, and most (if not all) interpreters cannot be completely protected from malicious fonts without undue performance penalties. Widespread use of fonts as necessary components of visual content presentation warrants that careful attention should be given to security considerations whenever a font is either embedded into an electronic document or transmitted alongside media content as a linked resource. While many existing font formats provide certain levels of protection of data integrity (such mechanisms include e.g. checksums and digital signatures), font data formats provide neither privacy nor confidentiality protection internally; if needed, such protection should be provided externally. 5. IANA Considerations This specification requires IANA to modify the rules for the existing Internet Media Types registry by adding a new font top-level type in the standards tree, updating the media types registration form [Media-Type-Registration], and registering several subtypes. 6. Definition and encoding The "font" as the primary media content type indicates that the content identified by it requires certain graphic subsystem such as font rendering engine (and, in some cases, text layout and shaping engine) to process font data, which in turn may require certain level of hardware capabilities such as certain levels of CPU performance Lilley Expires April 28, 2017 [Page 4] Internet-Draft The font Top Level Type October 2016 and available memory. The "font" media type does not provide any specific information about the underlying data format and how the font information should be interpreted - the subtypes defined within a "font" tree will name the specific font formats. Unrecognized sub- types of "font" should be treated as "application/octet-stream". Implementations may pass unrecognized subtypes to a common font- handling system, if such a system is available. 7. Defined subtypes In this section the initial entries under the top-level 'font' MIME type are documented. They also serve as examples for future registrations. For each subtype, an @font-face format identifer is defined. This is for use with the @font-face src descriptor, defined by the CSS3 Fonts specification [W3C.CR-css-fonts-3-20131003]. 7.1. Generic SFNT font type Type name: font Subtype name: sfnt Required parameters: None. Optional parameters: 1) Name: Outlines Value: TTF, CFF, SVG This parameter can be used to specify the type of outlines supported by the font. Value "TTF" shall be used when a font resource contains glyph outlines in TrueType format, value "CFF" shall be used to identify fonts containing PostScript/CFF outlines, and value SVG shall be used to identify fonts that include SVG outlines. TTF, CFF or SVG outlines can be present in various combinations in the same font file, therefore, this optional parameter is a list containing one or more items, separated by commas, with optional whitespace. Order in the list is not significant. 2) Name: Layout Value: OTL, AAT, SIL This parameter identifies the type of implemented support for advanced text layout features. The predefined values "OTL", "AAT" and "SIL" respectively indicate support for OpenType text Lilley Expires April 28, 2017 [Page 5] Internet-Draft The font Top Level Type October 2016 layout, Apple Advanced Typography or Graphite SIL. More than one shaping and layout mechanism may be supported by the same font file, therefore, this optional parameter is a list containing one or more items, separated by commas, with optional whitespace. Order in the list is not significant. Encoding considerations: Binary. Interoperability considerations: As it was noted in the first paragraph of the "Security considerations" section, the same font format wrapper can be used to encode fonts with different types of glyph data represented as either TrueType or PostScript (CFF) outlines. Existing font rendering engines may not be able to process some of the particular outline formats, and downloading a font resource that contains unsupported glyph data format would result in inability of application to render and display text. Therefore, it would be extremely useful to clearly identify the format of the glyph outline data within a font using an optional parameter, and allow applications to make decisions about downloading a particular font resource sooner. Similar, another optional parameter is suggested to identify the type of text shaping and layout mechanism that is supported by a font. Please note that as new outline formats and text shaping mechanisms may be defined in the future, the set of allowed values for two optional parameters defined by this section may be extended. Published specification: ISO/IEC 14496-22 "Open Font Format" (OFF) specification [ISO.14496-22.2015] being developed by ISO/IEC SC29/ WG11. Applications that use this media type: Any and all applications that are able to create, edit or display textual media content. Additional information: Magic number(s): The TrueType fonts and OFF / OpenType fonts containing TrueType outlines should use 0x00010000 as the 'sfnt' version number. The OFF / OpenType fonts containing CFF data should use the tag 'OTTO' as 'sfnt' version number. File extension(s): Font file extensions used for OFF / OpenType fonts: .ttf, .otf Typically, .ttf extension is only used for fonts containing TrueType outlines, while .otf extension can be used for any OpenType/OFF font, either with TrueType or CFF outlines. Lilley Expires April 28, 2017 [Page 6] Internet-Draft The font Top Level Type October 2016 Macintosh file type code(s): (no code specified) @font-face Format: none. Fragment Identifiers none. Person & email address to contact for further information: Vladimir Levantovsky (vladimir.levantovsky@monotype.com). Intended usage: COMMON Restrictions on usage: None Author: The ISO/IEC 14496-22 "Open Font Format" specification is a product of the ISO/IEC JTC1 SC29/WG11. Change controller: The ISO/IEC has change control over this specification. 7.2. TTF font type Type name: font Subtype name: ttf Required parameters: None. Optional parameters: Name: Layout Value: OTL, AAT, SIL This parameter identifies the type of support mechanism for advanced text layout features. The predefined values "OTL", "AAT" and "SIL" respectively indicate support for OpenType text layout, Apple Advanced Typography or Graphite SIL. More than one shaping and layout mechanism may be supported by the same font file, therefore, this optional parameter is a list containing one or more items, separated by commas, with optional whitespace. Order in the list is not significant. Encoding considerations: Binary. Interoperability considerations: As was noted in the first paragraph of the "Security considerations" section, the same font format can be used to encode fonts supporting different types of outlines and/or text shaping and layout mechanisms. Existing font rendering engine implementations may not be able to process some of the particular layout table formats, and downloading a font Lilley Expires April 28, 2017 [Page 7] Internet-Draft The font Top Level Type October 2016 resource that contains unsupported text shaping mechanism would result in inability of applications to display text properly. Therefore, it would be extremely useful to clearly identify the supported text shaping and layout data within a font using an optional parameter, and allow applications to make decisions about downloading a particular font resource sooner. Please note that as new text shaping mechanisms may be defined in the future, the set of allowed values for the optional parameter defined by this section may be extended. Published specification: ISO/IEC 14496-22 "Open Font Format" (OFF) specification [ISO.14496-22.2015] being developed by ISO/IEC SC29/ WG11. Applications that use this media type: Any and all applications that are able to create, edit or display textual media content. Additional information: Magic number(s): The TrueType fonts and OFF / OpenType fonts containing TrueType outlines should use 0x00010000 as the 'sfnt' version number. File extension(s): Font file extensions used for TrueType / OFF / OpenType fonts: .ttf, .otf Typically, .ttf extension is only used for fonts containing TrueType outlines, while .otf extension may be used for any OpenType/OFF font, either with TrueType or CFF outlines. Macintosh file type code(s): (no code specified) @font-face Format: truetype Fragment Identifiers none. Person & email address to contact for further information: Vladimir Levantovsky (vladimir.levantovsky@monotype.com). Intended usage: COMMON Restrictions on usage: None Author: The ISO/IEC 14496-22 "Open Font Format" specification is a product of the ISO/IEC JTC1 SC29/WG11. Change controller: The ISO/IEC has change control over this specification. Lilley Expires April 28, 2017 [Page 8] Internet-Draft The font Top Level Type October 2016 7.3. OTF font type Type name: font Subtype name: otf Required parameters: None. Optional parameters Name: Outlines Value: TTF, CFF, SVG This parameter can be used to specify the type of outlines supported by the font. Value "TTF" shall be used when a font resource contains glyph outlines in TrueType format, value "CFF" shall be used to identify fonts containing PostScript/CFF outlines, and value SVG shall be used to identify fonts that include SVG outlines. TTF, CFF or SVG outlines can be present in various combinations in the same font file, therefore, this optional parameter is a list containing one or more items, separated by commas, with optional whitespace. Order in the list is not significant. Encoding considerations: Binary. Interoperability considerations: As it was noted in the first paragraph of the "Security considerations" section, the same font format can be used to encode fonts with different types of glyph data represented as either TrueType, PostScript (CFF) or SVG outlines. Existing font rendering engines may not be able to process some of the particular outline formats, and downloading a font resource that contains unsupported glyph data format would result in inability of application to render and display text. Therefore, it would be extremely useful to clearly identify the format of the glyph outline data within a font using an optional parameter, and allow applications to make decisions about downloading a particular font resource sooner. Please note that as new outline formats may be defined in the future, the set of allowed values for the optional parameter defined in this section may be extended. Published specification: ISO/IEC 14496-22 "Open Font Format" (OFF) specification [ISO.14496-22.2015] being developed by ISO/IEC SC29/ WG11. Applications that use this media type: Any and all applications that are able to create, edit or display textual media content. Lilley Expires April 28, 2017 [Page 9] Internet-Draft The font Top Level Type October 2016 Additional information: Magic number(s): The TrueType fonts and OFF / OpenType fonts containing TrueType outlines should use 0x00010000 as the 'sfnt' version number. The OFF / OpenType fonts containing CFF outlines should use the tag 'OTTO' as 'sfnt' version number. There is no magic number for SVG outlines; these are always accompanied by either TrueType or CFF outlines and thus use the corresponding magic number. File extension(s): Font file extensions used for OFF / OpenType fonts: .ttf, .otf Typically, .ttf extension is only used for fonts containing TrueType outlines, while .otf extension can be used for any OpenType/OFF font, either with TrueType, CFF or SVG outlines. Macintosh file type code(s): (no code specified) @font-face Format: opentype Fragment Identifiers none. Person & email address to contact for further information: Vladimir Levantovsky (vladimir.levantovsky@monotype.com). Intended usage: COMMON Restrictions on usage: None Author: The ISO/IEC 14496-22 "Open Font Format" specification is a product of the ISO/IEC JTC1 SC29/WG11. Change controller: The ISO/IEC has change control over this specification. 7.4. Collection font type Type name: font Subtype name: collection Required parameters: None. Optional parameters Lilley Expires April 28, 2017 [Page 10] Internet-Draft The font Top Level Type October 2016 Name: Outlines Value: TTF, CFF, SVG This parameter can be used to specify the type of outlines supported by the font. Value "TTF" shall be used when a font resource contains glyph outlines in TrueType format, value "CFF" shall be used to identify fonts containing PostScript/CFF outlines, and value SVG shall be used to identify fonts that include SVG outlines. TTF, CFF or SVG outlines can be present in various combinations in the same font file, therefore, this optional parameter is a list containing one or more items, separated by commas, with optional whitespace. Order in the list is not significant. Encoding considerations: Binary. Interoperability considerations: As it was noted in the first paragraph of the "Security considerations" section, the same font format can be used to encode fonts with different types of glyph data represented as either TrueType, PostScript (CFF) or SVG outlines. Existing font rendering engines may not be able to process some of the particular outline formats, and downloading a font resource that contains unsupported glyph data format would result in inability of application to render and display text. Therefore, it would be extremely useful to clearly identify the format of the glyph outline data within a font using an optional parameter, and allow applications to make decisions about downloading a particular font resource sooner. Please note that as new outline formats may be defined in the future, the set of allowed values for the optional parameter defined in this section may be extended. Published specification: ISO/IEC 14496-22 "Open Font Format" (OFF) specification [ISO.14496-22.2015] being developed by ISO/IEC SC29/ WG11. Applications that use this media type: Any and all applications that are able to create, edit or display textual media content. Additional information: Magic number(s): The TrueType fonts and OFF / OpenType fonts containing TrueType outlines should use 0x00010000 as the 'sfnt' version number. The OFF / OpenType fonts containing CFF outlines should use the tag 'OTTO' as 'sfnt' version number. There is no magic number for SVG outlines; these are always accompanied by either Lilley Expires April 28, 2017 [Page 11] Internet-Draft The font Top Level Type October 2016 TrueType or CFF outlines and thus use the corresponding magic number. File extension(s): Font file extensions used for OFF / TrueType and OpenType fonts: .ttc Macintosh file type code(s): (no code specified) @font-face Format: collection Fragment Identifiers A positive integer. For example, #2 refers to the second font in the collection. If a fragment is not specified, it is the same as #1 i.e. the first font in the collection. Person & email address to contact for further information: Vladimir Levantovsky (vladimir.levantovsky@monotype.com). Intended usage: COMMON Restrictions on usage: None Author: The ISO/IEC 14496-22 "Open Font Format" specification is a product of the ISO/IEC JTC1 SC29/WG11. Change controller: The ISO/IEC has change control over this specification. 7.5. WOFF 1.0 Type name: font Subtype name: woff Required parameters: None. Optional parameters: None. Encoding considerations: Binary. Interoperability considerations: None. Published specification: This media type registration updates the WOFF specification [W3C.REC-WOFF-20121213] at W3C. Applications that use this media type: WOFF is used by Web browsers, often in conjunction with HTML and CSS. Lilley Expires April 28, 2017 [Page 12] Internet-Draft The font Top Level Type October 2016 Additional information: Magic number(s): The signature field in the WOFF header MUST contain the "magic number" 0x774F4646 ('wOFF') File extension(s): woff Macintosh file type code(s): (no code specified) Macintosh Universal Type Identifier code: "org.w3c.woff" @font-face Format: woff Fragment Identifiers: none. Deprecated Alias: The existing registration application/font-woff is deprecated in favor of font/woff. Person & email address to contact for further information: Chris Lilley (www-font@w3.org). Intended usage: COMMON Restrictions on usage: None Author: The WOFF specification is a work product of the World Wide Web Consortium's WebFonts Working Group. Change controller: The W3C has change control over this specification. 7.6. WOFF 2.0 Type name: font Subtype name: woff2 Required parameters: None. Optional parameters: None. Encoding considerations: Binary. Interoperability considerations: WOFF 2.0 is an improvement on WOFF 1.0. The two formats have different Internet Media Types, different @font-face formats, and may be used in parallel. Lilley Expires April 28, 2017 [Page 13] Internet-Draft The font Top Level Type October 2016 Published specification: This media type registration is extracted from the WOFF 2.0 specification [W3C.WD-WOFF2-20150414] at W3C. Applications that use this media type: WOFF 2.0 is used by Web browsers, often in conjunction with HTML and CSS. Additional information: Magic number(s): The signature field in the WOFF header MUST contain the "magic number" 0x774F4632 ('wOF2') File extension(s): woff2 Macintosh file type code(s): (no code specified) Macintosh Universal Type Identifier code: "org.w3c.woff2" @font-face Format: woff2 Fragment Identifiers Optional, for collections encoded as WOFF 2.0. A positive integer. For example, #2 refers to the second font in the collection. If a fragment is not specified, it is the same as #1 i.e. the first font in the collection (or the only font, if it is not a collection). If a fragment is specified, and the WOFF does not encode a collection, the fragment is ignored. Person & email address to contact for further information: Chris Lilley (www-font@w3.org). Intended usage: COMMON Restrictions on usage: None Author: The WOFF2 specification is a work product of the World Wide Web Consortium's WebFonts Working Group. Change controller: The W3C has change control over this specification. 8. New Registrations New font formats should be registered using the online form [Media-Type-Registration]. RFC 6838 [RFC6838] should be consulted on registration procedures. In particular the font specification must be freely available and the ABNF must be followed. Also, an @font- face format should be supplied and, if used, a definition of the fragment identifier syntax for the new type. Lilley Expires April 28, 2017 [Page 14] Internet-Draft The font Top Level Type October 2016 9. References 9.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . [RFC6838] Freed, N., Klensin, J., and T. Hansen, "Media Type Specifications and Registration Procedures", BCP 13, RFC 6838, DOI 10.17487/RFC6838, January 2013, . [W3C.CR-css-fonts-3-20131003] Daggett, J., "CSS Fonts Module Level 3", World Wide Web Consortium CR CR-css-fonts-3-20131003, October 2013, . [ISO.14496-22.2015] International Organization for Standardization, "Coding of audio-visual objects Part 22: Open Font Format", ISO Standard 14496-22, 10 2015, . [W3C.REC-WOFF-20121213] Kew, J., Leming, T., and E. Blokland, "WOFF File Format 1.0", World Wide Web Consortium Recommendation REC-WOFF- 20121213, December 2012, . [W3C.WD-WOFF2-20150414] Levantovsky, V. and R. Levien, "WOFF File Format 2.0", World Wide Web Consortium WD WD-WOFF2-20150414, March 2016, . 9.2. Informative References [cff-wiki] "CFF", . [opentype-wiki] "OpenType", . [postscript-wiki] "PostScript". Lilley Expires April 28, 2017 [Page 15] Internet-Draft The font Top Level Type October 2016 [truetype-wiki] "TrueType", . [svg-wiki] "SVG", . [HTTP-Archive-Trends] Kuetell, D., "HTTP Archive trend analysis", March 2015, . [Font-Media-Type-Analysis] Kuetell, D., "Web Font Media Type (mime type) Analysis 2015", 2015, . [Media-Type-Registration] IANA, "Application for a Media Type", . 9.3. URIs [1] https://github.com/svgeesus/ietf-justfont [2] https://github.com/svgeesus/ietf-justfont/issues [3] mailto:justfont@ietf.org Author's Address Chris Lilley W3C 2004 Route des Lucioles Sophia Antipolis 06902 France Email: chris@w3.org Lilley Expires April 28, 2017 [Page 16]