Document Action: 'The application/smil and application/smil+xml Media Types' to Informational RFC

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

The IESG has approved the following document:

- 'The application/smil and application/smil+xml Media Types '
   <draft-hoschka-smil-media-type-12.txt> as an Informational RFC

This document has been reviewed in the IETF but is not the product of an
IETF Working Group. 

The IESG contact person is Ted Hardie.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-hoschka-smil-media-type-12.txt

Technical Summary
 
This document registers application/smil and application/smil+xml 
media types.  I

Working Group Summary
 
This document is not the product of an IETF working group, but
was considered by the World Wide Web Consortium as part of
its processes.  SMIL 2.0 is currently a W3C Recommendation.
 
Protocol Quality
 
The document was reviewed for the IESG by Ted Hardie.

Note to RFC Editor

Please add a new Section 6, as follows and renumber.

Security considerations

   SMIL documents contain a construct that allows "infinite loops".
   This is indispensable for a multimedia format. However, SMIL clients
   should foresee provisions such as a "stop" button that lets users
   interrupt such an "infinite loop".

   As with HTML, SMIL documents contain links to other media
   (images,sounds, videos, text, ...) and those links are typically
   followed automatically by software, resulting in the transfer of
   files without the explicit request of the user for each one. The
   security considerations of each linked file are those of the
   individual registered types.

   The SMIL language contains "switch" elements. SMIL provides no
   mechanism that assures the media objects contained in a "switch"
   element provide equivalent information. An author, knowing that one
   SMIL player will display one alternative of a "switch" and another
   will display a different part, can put different information in the
   two parts. While there are legitimate use cases for this, this also
   gives rise to a security consideration:  The author can fool viewers
   into thinking that the same information was displayed when in fact it
   was not.

   In addition, all of the security considerations of RFC3023 also apply
   to SMIL.


_______________________________________________

IETF-Announce@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf-announce
[Index of Archives]     [IETF]     [IETF Discussion]     [Linux Kernel]

  Powered by Linux