RE: Registration of MIME media type application/vnd.nokia-mrv+xml

perhaps the registration should simply say that it is not possible to evaluate the risks with this content-type since no information about the time has been disclosed; and users should therefore avoid using this content-type unless *they* have reliable information about the nature and format of this content-type which enables them to evaluate the risks associated with using it.

LH> This is a very sensible approach. I hope you understand that there are many facts which determine when vendor related specs get published. In addition there are occasions when the MIME type needs registration prior to public distribution of the specs.

Do other people have comments on Keith's suggestion?

Many thanks,
Leon.

I hope you understand that there are many facts which determine when vendor related specs get published. In addition there are occasions when the MIME type needs registration prior to public distribution of the specs.
again, the specs don't have to be public, but the specs should exist and be referenced. we don't want to register types that aren't yet defined. and part of the purpose of the registration is to inform implementors, and the public, about the risks of using the type. so I don't really like statements of the form "users must determine the risks for themselves" but we don't have a mechanism for denying registrations in vnd.* space.

I wish there were some effective way to compel vendors to be responsible regarding the security risks to which they expose their customers. So far, we haven't found one.

Keith

participants (2)
- Keith Moore
- Leon.Hurst@nokia.com