Hi Ned, In my reply to your original message I wrote the following on 8/31.
On 27/08/2010 05:27, Ned Freed wrote:
...
The ktx type is a binary data stream which contains no executable code that could disrupt a client processor. There is no provision in the type specification that would allow authors to insert executable code that would present any security risk to a client machine. IMO these security considerations are nowhere near sufficient for a standards tree type. At an absolute minimum you need to add a discussion of possible integrity/confidentiality concerns: Does data of this type require such protection, and if it does, does the type provide it internally (and if so, how) or must it be provided externally (and again, how)? It is not clear to me exactly what you are asking for. I looked at Security Considerations (Section 8.5) in the image/png registration (RFC 2083 <http://tools.ietf.org/html/rfc2083>) and could see nothing along the lines you seem to be suggesting. Since this is an image format, naturally any image could be sent including images which one may wish to keep confidential. There is no encryption in the format so users wishing to keep their images confidential should overlay their own encryption. Is this the kind of discussion you are requesting.
I no clearer to understanding your request. Please answer my question so I can proceed with the registration. Regards -Mark