Hello ietf-types,
This is a request to review the registration for Web Open Font Format
(WOFF), currently in W3C Last Call.
Type name:
application
Subtype name:
font-woff
Required parameters:
None.
Optional parameters:
None.
Encoding considerations:
binary.
Security considerations:
Fonts are interpreted data structures that represent collections
of glyph outlines, metrics and layout information for various
languages and writing systems. Currently, there are many
standardized font data tables that allow an unspecified number of
entries, and where existing, predefined data fields allow storage
of binary data with variable length. There is a significant risk
that the flexibility of font data structures may be exploited to
hide malicious binary content disguised as a font data component.
WOFF is based on the table-based SFNT (scalable font) format which
is highly extensible and offers an opportunity to introduce
additional data structures when needed. However, this same
extensibility may present specific security concerns – the
flexibility and ease of defining new data structures makes it easy
for any arbitrary data to be added and hidden inside a font file.
WOFF fonts may contain 'hints' for the alignment of graphical
elements of the glyphs with the target display pixel grid, and
depending on the font technology utilized in the creation of a
font these hints may represent active code interpreted and
executed by the font rasterizer. Even though they operate within
the confines of the glyph outline conversion system and have no
access outside the font rendering machinery, hint instructions can
be, however, quite complex, and a maliciously designed complex
font could cause undue resource consumption (e.g. memory or CPU
cycles) on a machine interpreting it. Indeed, fonts are
sufficiently complex that most if not all interpreters cannot be
completely protected from malicious fonts without undue
performance penalties.
Widespread use of fonts as necessary component of visual content
presentation warrants that a careful attention should be given to
security considerations whenever a font is either embedded into an
electronic document or transmitted alongside media content as a
linked resource.
WOFF uses gzip compression. The WOFF header contains the
uncompressed length of each compressed table. Applications may
therefore constrain the size of memory buffer allocated for
decompression and may stop writing if a maliciously crafted WOFF
file in fact contains more data than is indicated.
Interoperability considerations:
Published specification:
This media type registration is extracted from the WOFF
specification at W3C.
http://www.w3.org/TR/WOFF/
Applications that use this media type:
WOFF is used by Web browsers, often in conjunction with HTML and CSS.
Additional information:
Magic number(s):
The signature field in the WOFF header MUST contain the "magic
number" 0x774F4646
File extension(s):
woff
Macintosh file type code(s):
(no code specified)
Macintosh Universal Type Identifier code:
org.w3c.woff
Fragment Identifiers
none.
Person & email address to contact for further information:
Chris Lilley (www-font at w3.org).
Intended usage:
COMMON
Restrictions on usage:
None
Author:
The WOFF specification is a work product of the World Wide Web
Consortium's WebFonts Working Group.
Change controller:
The W3C has change control over this specification.
--
Chris Lilley Technical Director, Interaction Domain
W3C Graphics Activity Lead, Fonts Activity Lead
Co-Chair, W3C Hypertext CG
Member, CSS, WebFonts, SVG Working Groups
Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.