Christian Huitema wrote: > > > In May of this year, patches were needed to mitigate ongoing PPT threats. > > http://technet.microsoft.com/en-us/security/bulletin/ms11-036 > > http://www.openoffice.org/security/cves/CVE-2010-2935_CVE-2010-2936.html > > http://blogs.technet.com/b/mmpc/archive/2009/04/02/new-0-day-exploits-using-powerpoint-files.aspx > > A quick look at http://www.adobe.com/support/security/ shows that PDF > is not immune to security issues, and has at least as many bulletins > out as PowerPoint. Complex presentations formats require complex code, > and nobody is perfect. Not every PDF viewer is so obsessive as the one from Adobe about trying execute every bit that looks even remotely executable, besides javascript also every content where the addition of length fields wraps in integer math. > > Just saying, but if we want to ensure that presentations are > readable 50 years from now, and do not embed some kind of > malicious code, we might stick to ASCII text, right? I would not go as far as that, but forcing a format that is free from active content is probably a good start: http://en.wikipedia.org/wiki/PDF/A I would also not mind when the Upload _accepts_ PPT or PPTX, when the IETF tools backend would perform the conversion to PDF/A by itself. -Martin _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf