Skip to main content

The application/pdf Media Type
draft-hardy-pdf-mime-05

Revision differences

Document history

Date Rev. By Action
2017-03-10
05 (System) RFC Editor state changed to AUTH48-DONE from AUTH48
2017-03-02
05 (System) RFC Editor state changed to AUTH48 from RFC-EDITOR
2017-03-01
05 (System) RFC Editor state changed to RFC-EDITOR from EDIT
2017-02-28
05 (System) IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor
2017-02-28
05 (System) IANA Action state changed to Waiting on RFC Editor from Waiting on Authors
2017-02-27
05 (System) IANA Action state changed to Waiting on Authors from In Progress
2017-02-27
05 (System) RFC Editor state changed to EDIT
2017-02-27
05 (System) IESG state changed to RFC Ed Queue from Approved-announcement sent
2017-02-27
05 (System) Announcement was received by RFC Editor
2017-02-27
05 (System) IANA Action state changed to In Progress
2017-02-27
05 Amy Vezza IESG state changed to Approved-announcement sent from IESG Evaluation::AD Followup
2017-02-27
05 Amy Vezza IESG has approved the document
2017-02-27
05 Amy Vezza Closed "Approve" ballot
2017-02-27
05 Amy Vezza Ballot approval text was generated
2017-02-27
05 Alexey Melnikov RFC Editor Note was cleared
2017-02-27
05 Alexey Melnikov Ballot writeup was changed
2017-02-27
05 Stephen Farrell
[Ballot comment]

Thanks for handling my discuss point. I think the
security considerations text now seems sufficient.
Though I would still encourage adding some more …
[Ballot comment]

Thanks for handling my discuss point. I think the
security considerations text now seems sufficient.
Though I would still encourage adding some more
references if possible, but that's a non-blocking
comment, so no need to do anything if you think
it's right as-is.

OLD COMMENT text below, still happy to chat about
it if that's useful.


My old comment and discuss point-2 below. I think
Larry answered opint-2 well enough in [2].

I'd suggest adding a reference to [3] would be useful
as well.

  [3] http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.174.2980&rep=rep1&type=pdf

(2) section 6: It's a pity there's no ISO document to
reference in this section as PDF files have been the
vector for various threats over the years. Can't you
find some reference (from ISO or not) that a viewer or
author developer would find helpful? That section seems
pretty vague to me as-is. (In particular the last clause
of the last sentence in this section is not useful.) And
I see from the discussion of the secdir review ([1], did
any authors respond to that? If so I didn't see it,
sorry).  The discuss point here is that we seem to have
less good security considerations compared with RFC3778,
and I think that ought be justified if it's the right
thing to do. (Not necessarily in the document if that's
not correct, but at least as part of the record, e.g. in
response to this.)

  [1] https://www.ietf.org/mail-archive/web/secdir/current/msg06674.html
comments
- section 4: why no reference for PDF/A? I'd have
thought that was the most important one for which a good
reference is needed? The referred document is [ISOPDFA]
in 8.2 so I guess this is just an editing glitch.
2017-02-27
05 Stephen Farrell [Ballot Position Update] Position for Stephen Farrell has been changed to No Objection from Discuss
2017-02-26
05 Alexey Melnikov IESG state changed to IESG Evaluation::AD Followup from IESG Evaluation::Revised I-D Needed
2017-02-24
05 Alexey Melnikov IESG state changed to IESG Evaluation::Revised I-D Needed from IESG Evaluation::AD Followup
2017-02-23
05 (System) Sub state has been changed to AD Followup from Revised ID Needed
2017-02-23
05 Larry Masinter New version available: draft-hardy-pdf-mime-05.txt
2017-02-23
05 (System) New version approved
2017-02-23
05 (System) Request for posting confirmation emailed to previous authors: Duff Johnson , Dejan Markovic , Larry Masinter , Matthew Hardy , Martin Bailey
2017-02-23
05 Larry Masinter Uploaded new revision
2016-10-15
04 Alexey Melnikov IESG state changed to IESG Evaluation::Revised I-D Needed from IESG Evaluation::AD Followup
2016-09-05
04 Stephen Farrell
[Ballot discuss]

I have one remaining thing I'd like to discuss about this
draft that I don't think was answered in Larry's earlier
response. [2] …
[Ballot discuss]

I have one remaining thing I'd like to discuss about this
draft that I don't think was answered in Larry's earlier
response. [2]

  [2]  https://mailarchive.ietf.org/arch/msg/ietf/yKbjLYUcxHHdj63PbrWbte12jBE

(1) section 3: Are there any potential security issues
with namedest as a parameter? E.g. has any PDF reader or
MIME handler followed an absolute URL for the value
there perhaps? If so, is there a warning it'd be useful
to give?  Are there any other similarly known potential
vulnerabilities for other parameters? (Maybe fdf or ef?)
(This is also related to discuss-point-2 below)

I don't think this was answered in [2]. To try rephrase it:
"What (if any) security considerations text is needed about
the parameters of application/pdf?"
2016-09-05
04 Stephen Farrell
[Ballot comment]

My old comment and discuss point-2 below. I think
Larry answered opint-2 well enough in [2].

I'd suggest adding a reference to [3] …
[Ballot comment]

My old comment and discuss point-2 below. I think
Larry answered opint-2 well enough in [2].

I'd suggest adding a reference to [3] would be useful
as well.

  [3] http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.174.2980&rep=rep1&type=pdf

(2) section 6: It's a pity there's no ISO document to
reference in this section as PDF files have been the
vector for various threats over the years. Can't you
find some reference (from ISO or not) that a viewer or
author developer would find helpful? That section seems
pretty vague to me as-is. (In particular the last clause
of the last sentence in this section is not useful.) And
I see from the discussion of the secdir review ([1], did
any authors respond to that? If so I didn't see it,
sorry).  The discuss point here is that we seem to have
less good security considerations compared with RFC3778,
and I think that ought be justified if it's the right
thing to do. (Not necessarily in the document if that's
not correct, but at least as part of the record, e.g. in
response to this.)

  [1] https://www.ietf.org/mail-archive/web/secdir/current/msg06674.html
comments
- section 4: why no reference for PDF/A? I'd have
thought that was the most important one for which a good
reference is needed? The referred document is [ISOPDFA]
in 8.2 so I guess this is just an editing glitch.
2016-09-05
04 Stephen Farrell Ballot comment and discuss text updated for Stephen Farrell
2016-09-04
04 (System) Sub state has been changed to AD Followup from Revised ID Needed
2016-09-04
04 Larry Masinter IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed
2016-09-04
04 Larry Masinter New version available: draft-hardy-pdf-mime-04.txt
2016-09-01
03 Cindy Morgan IESG state changed to IESG Evaluation::Revised I-D Needed from IESG Evaluation
2016-09-01
03 Alexey Melnikov RFC Editor Note was changed
2016-09-01
03 Alexey Melnikov RFC Editor Note for ballot was generated
2016-09-01
03 Alexey Melnikov RFC Editor Note for ballot was generated
2016-09-01
03 Jari Arkko [Ballot Position Update] New position, No Objection, has been recorded for Jari Arkko
2016-09-01
03 Benoît Claise [Ballot Position Update] New position, No Objection, has been recorded for Benoit Claise
2016-08-31
03 Joel Jaeggli [Ballot Position Update] New position, No Objection, has been recorded for Joel Jaeggli
2016-08-31
03 Ben Campbell
[Ballot comment]
I agree with all the security comments. I also agree with Suresh that the paragraph numbers are distracting. While they may be useful …
[Ballot comment]
I agree with all the security comments. I also agree with Suresh that the paragraph numbers are distracting. While they may be useful in the review process, they will distract readers down the road.
2016-08-31
03 Ben Campbell [Ballot Position Update] New position, No Objection, has been recorded for Ben Campbell
2016-08-31
03 Alvaro Retana [Ballot Position Update] New position, No Objection, has been recorded for Alvaro Retana
2016-08-31
03 Alissa Cooper [Ballot comment]
Agree with others' comments about the security considerations.
2016-08-31
03 Alissa Cooper [Ballot Position Update] New position, No Objection, has been recorded for Alissa Cooper
2016-08-31
03 Dan Romascanu Request for Telechat review by GENART Completed: Ready. Reviewer: Dan Romascanu.
2016-08-31
03 Mirja Kühlewind
[Ballot comment]
I agree with others that the security section doesn't provide much: it neither describes how attacks could look like, nor how to handle …
[Ballot comment]
I agree with others that the security section doesn't provide much: it neither describes how attacks could look like, nor how to handle them concretely. However, it also not clear to me if this is the right document to discuss these things or if a different doc would be needed.
2016-08-31
03 Mirja Kühlewind [Ballot Position Update] New position, No Objection, has been recorded for Mirja Kühlewind
2016-08-30
03 Suresh Krishnan [Ballot comment]
Why are there "" paragraph numbers in this document? They feel distracting.
2016-08-30
03 Suresh Krishnan [Ballot Position Update] New position, No Objection, has been recorded for Suresh Krishnan
2016-08-30
03 Terry Manderson [Ballot Position Update] New position, No Objection, has been recorded for Terry Manderson
2016-08-30
03 Stephen Farrell
[Ballot discuss]

I have two things I'd like to discuss about this
draft:

(1) section 3: Are there any potential security issues
with namedest as …
[Ballot discuss]

I have two things I'd like to discuss about this
draft:

(1) section 3: Are there any potential security issues
with namedest as a parameter? E.g. has any PDF reader or
MIME handler followed an absolute URL for the value
there perhaps? If so, is there a warning it'd be useful
to give?  Are there any other similarly known potential
vulnerabilities for other parameters? (Maybe fdf or ef?)
(This is also related to discuss-point-2 below)

(2) section 6: It's a pity there's no ISO document to
reference in this section as PDF files have been the
vector for various threats over the years. Can't you
find some reference (from ISO or not) that a viewer or
author developer would find helpful? That section seems
pretty vague to me as-is. (In particular the last clause
of the last sentence in this section is not useful.) And
I see from the discussion of the secdir review ([1], did
any authors respond to that? If so I didn't see it,
sorry).  The discuss point here is that we seem to have
less good security considerations compared with RFC3778,
and I think that ought be justified if it's the right
thing to do. (Not necessarily in the document if that's
not correct, but at least as part of the record, e.g. in
response to this.)

  [1] https://www.ietf.org/mail-archive/web/secdir/current/msg06674.html
comments
2016-08-30
03 Stephen Farrell
[Ballot comment]

- section 4: why no reference for PDF/A? I'd have
thought that was the most important one for which a good
reference is …
[Ballot comment]

- section 4: why no reference for PDF/A? I'd have
thought that was the most important one for which a good
reference is needed? The referred document is [ISOPDFA]
in 8.2 so I guess this is just an editing glitch.
2016-08-30
03 Stephen Farrell [Ballot Position Update] New position, Discuss, has been recorded for Stephen Farrell
2016-08-30
03 Kathleen Moriarty [Ballot Position Update] Position for Kathleen Moriarty has been changed to No Objection from No Record
2016-08-30
03 Kathleen Moriarty
[Ballot comment]
In the Security considerations, the text starts off saying:

  The PDF file format allows several constructs which may compromise
  security if …
[Ballot comment]
In the Security considerations, the text starts off saying:

  The PDF file format allows several constructs which may compromise
  security if handled inadequately by PDF processors.

Shouldn't this go a step further to also include the consideration that the feature could be exploited by an attacker?  I don't see how it is enough for the processor to handle all possible exploits.  If I am wrong, please explain.
2016-08-30
03 Kathleen Moriarty Ballot comment text updated for Kathleen Moriarty
2016-08-30
03 Deborah Brungard [Ballot Position Update] New position, No Objection, has been recorded for Deborah Brungard
2016-08-29
03 Spencer Dawkins [Ballot Position Update] New position, No Objection, has been recorded for Spencer Dawkins
2016-08-25
03 Jean Mahoney Request for Telechat review by GENART is assigned to Dan Romascanu
2016-08-25
03 Jean Mahoney Request for Telechat review by GENART is assigned to Dan Romascanu
2016-08-11
03 Alexey Melnikov Telechat date has been changed to 2016-09-01 from 2016-08-18
2016-08-10
03 (System) IANA Review state changed to IANA OK - Actions Needed from Version Changed - Review Needed
2016-08-04
03 Alexey Melnikov IESG state changed to IESG Evaluation from IESG Evaluation::Revised I-D Needed
2016-08-04
03 Alexey Melnikov [Ballot comment]
A reply to SecDir review is needed from editors.
2016-08-04
03 Alexey Melnikov Ballot comment text updated for Alexey Melnikov
2016-08-04
03 Alexey Melnikov Ballot has been issued
2016-08-04
03 Alexey Melnikov [Ballot Position Update] New position, Yes, has been recorded for Alexey Melnikov
2016-08-04
03 Alexey Melnikov Created "Approve" ballot
2016-08-04
03 Alexey Melnikov Ballot writeup was changed
2016-08-04
03 Alexey Melnikov Authors promised me another revision.
2016-08-04
03 Alexey Melnikov IESG state changed to IESG Evaluation::Revised I-D Needed from Waiting for Writeup
2016-08-01
03 Gunter Van de Velde Request for Last Call review by OPSDIR Completed: Ready. Reviewer: Rick Casarez.
2016-07-21
03 Alexey Melnikov Changed consensus to Yes from Unknown
2016-07-21
03 Alexey Melnikov Placed on agenda for telechat - 2016-08-18
2016-07-21
03 (System) IESG state changed to Waiting for Writeup from In Last Call
2016-07-19
03 Larry Masinter IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed
2016-07-19
03 Larry Masinter New version available: draft-hardy-pdf-mime-03.txt
2016-07-18
02 (System) IANA Review state changed to IANA OK - Actions Needed from IANA - Review Needed
2016-07-18
02 Sabrina Tanamal
(Via drafts-lastcall-comment@iana.org): IESG/Authors/WG Chairs:

IANA has completed its review of draft-hardy-pdf-mime-02.txt. If any part of this review is inaccurate, please let us know.

IANA …
(Via drafts-lastcall-comment@iana.org): IESG/Authors/WG Chairs:

IANA has completed its review of draft-hardy-pdf-mime-02.txt. If any part of this review is inaccurate, please let us know.

IANA understands that, upon approval of this document, there is a single action which IANA must complete.

In the application media types subregistry of the Media Types registry located at:

https://www.iana.org/assignments/media-types/

the existing registration will be updated with the information in Section 7 of the current document and the reference will be changed to [ RFC-to-be ].

IANA understands that this is the only action required to be completed upon approval of this document.

Note:  The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is only to confirm what actions will be performed. 


Thank you,

Sabrina Tanamal
IANA Specialist
ICANN
2016-07-15
02 Dan Romascanu Request for Last Call review by GENART Completed: Ready. Reviewer: Dan Romascanu.
2016-07-14
02 Tero Kivinen Request for Last Call review by SECDIR Completed: Has Issues. Reviewer: Phillip Hallam-Baker.
2016-06-29
02 Gunter Van de Velde Request for Last Call review by OPSDIR is assigned to Rick Casarez
2016-06-29
02 Gunter Van de Velde Request for Last Call review by OPSDIR is assigned to Rick Casarez
2016-06-23
02 Jean Mahoney Request for Last Call review by GENART is assigned to Dan Romascanu
2016-06-23
02 Jean Mahoney Request for Last Call review by GENART is assigned to Dan Romascanu
2016-06-23
02 Tero Kivinen Request for Last Call review by SECDIR is assigned to Phillip Hallam-Baker
2016-06-23
02 Tero Kivinen Request for Last Call review by SECDIR is assigned to Phillip Hallam-Baker
2016-06-23
02 Amy Vezza IANA Review state changed to IANA - Review Needed
2016-06-23
02 Amy Vezza
The following Last Call announcement was sent out:

From: The IESG
To: "IETF-Announce"
CC: alexey.melnikov@isode.com, draft-hardy-pdf-mime@ietf.org
Reply-To: ietf@ietf.org
Sender:
Subject: Last Call:  (The application/pdf …
The following Last Call announcement was sent out:

From: The IESG
To: "IETF-Announce"
CC: alexey.melnikov@isode.com, draft-hardy-pdf-mime@ietf.org
Reply-To: ietf@ietf.org
Sender:
Subject: Last Call:  (The application/pdf Media Type) to Informational RFC


The IESG has received a request from an individual submitter to consider
the following document:
- 'The application/pdf Media Type'
  as Informational RFC

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2016-07-21. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

Abstract


<1>
  The Portable Document Format (PDF) is an ISO standard (ISO
  32000-1:2008) defining a final-form document representation language
  in use for document exchange, including on the Internet, since 1993.
  This document provides an overview of the PDF format and updates the
  media type registration of "application/pdf".




The file can be obtained via
https://datatracker.ietf.org/doc/draft-hardy-pdf-mime/

IESG discussion can be tracked via
https://datatracker.ietf.org/doc/draft-hardy-pdf-mime/ballot/


No IPR declarations have been submitted directly on this I-D.


2016-06-23
02 Amy Vezza IESG state changed to In Last Call from Last Call Requested
2016-06-23
02 Alexey Melnikov Last call was requested
2016-06-23
02 Alexey Melnikov Last call announcement was generated
2016-06-23
02 Alexey Melnikov Ballot approval text was generated
2016-06-23
02 Alexey Melnikov Ballot writeup was generated
2016-06-23
02 Alexey Melnikov IESG state changed to Last Call Requested from AD Evaluation
2016-06-23
02 Alexey Melnikov IESG state changed to AD Evaluation from Publication Requested
2016-06-23
02 Alexey Melnikov IESG state changed to Publication Requested from AD is watching::AD Followup
2016-06-08
02 Alexey Melnikov My AD review comments were addressed in the latest version.
2016-06-06
02 (System) Sub state has been changed to AD Followup from Revised ID Needed
2016-06-06
02 Larry Masinter New version available: draft-hardy-pdf-mime-02.txt
2016-05-13
01 Alexey Melnikov
My AD review:

Need to split references into Normative and Informative.

What is "the default user space coordinate system"?
(Are coordinate values in fragments measured …
My AD review:

Need to split references into Normative and Informative.

What is "the default user space coordinate system"?
(Are coordinate values in fragments measured in what?)

Where are FDF files defined?

Does mentioning of JavaScript and XObject need Informative References?

In the media type registration template:

Author/change controller: please clarify the text that 2 people listed are not change controllers, but authors/editors. E.g. XXX and YYY are authors. ISO ... is the change controller.
The media type registration template has 2 separate fields, so the easiest way to fix this issue is to split them.
2016-05-13
01 Alexey Melnikov IESG state changed to AD is watching::Revised I-D Needed from AD is watching
2016-04-10
01 Alexey Melnikov IESG process started in state AD is watching
2016-04-08
01 Alexey Melnikov Intended Status changed to Informational from None
2016-04-08
01 Alexey Melnikov Stream changed to IETF from None
2016-04-08
01 Alexey Melnikov Shepherding AD changed to Alexey Melnikov
2016-04-07
01 Larry Masinter New version available: draft-hardy-pdf-mime-01.txt
2014-07-21
00 Larry Masinter New version available: draft-hardy-pdf-mime-00.txt