Network Working Group C. Lilley Internet-Draft W3C Intended status: Standards Track January 29, 2016 Expires: August 1, 2016 The font Top Level Type draft-ietf-justfont-toplevel-00 Abstract This memo serves to register and document the "font" Top Level Type, under which the Internet Media subtypes for representation formats for fonts may be registered. This document also serves as a registration application for a set of intended subtypes, which are representative of some existing subtypes already registered under the "application" tree by their separate registrations. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on August 1, 2016. Copyright Notice Copyright (c) 2016 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of Lilley Expires August 1, 2016 [Page 1] Internet-Draft The font Top Level Type January 2016 the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. 1. Introduction The process of setting type in computer systems and other forms of text presentation systems uses fonts in order to provide visual representations of the glyphs. Just as with images, for example, there are a number of ways to represent the visual information of the glyphs. Early font formats often used bitmaps, as these could have been carefully tuned for maximum readability at a given size on low- resolution displays. More recently, scalable vector outline fonts have come into widespread use: in these fonts, the outlines of the glyphs are described, and the presentation system renders the outline in the desired position and size. This document defines a top-level Internet Media Type type "font" under which different representation formats of fonts may be registered (e.g. a bitmap or outline formats). It should be emphasized that, just as under the "image" top-level type one does not find registration for a specific image, for example, "The Night- watch" (by Rembrandt) but instead "JPEG" (a compressed image data representation format), so, under "font" one will not find "Courier" (the name of a popular font) but perhaps "TTF", "OTF" or "SFNT" (the names of commonly used TrueType and OpenType font formats as well as their higher-level wrapper format). 2. Background and Justification Historically there has not been a registration of formats for fonts. Most recently, there have been several representation formats registered as MIME subtypes under the "application" top-level type. However, with the rapid adoption of web fonts (based on the data from HTTP Archive [1] showing a huge increase in web font usage from 1% in the end of 2010 to 50% across all sites in the beginning of 2015) custom fonts on the web have become a core web resource. As the in- depth analysis [2] shows, the lack of the intuitive top-level font type is causing significant confusion among developers - while currently defined font subtypes are severely under-utilized there are many more sites that already use non-existent (but highly intuitive) media types such as "font/woff", "font/ttf" and "font/truetype". At the same time, the majority of sites resort to using generic types such as "application/octet-stream", "text/plain" and "text/html"; or use unregistrable types such as "application/x-font-ttf". Contrary to our expectations, the officially defined IANA subtypes such as "application/font-woff" and "application/font-sfnt" see a very limited use - their adoption rates trail far behind as the Lilley Expires August 1, 2016 [Page 2] Internet-Draft The font Top Level Type January 2016 actual use of web fonts continues to increase. The members of the W3C WebFonts WG believe the use of "application" top-level type is not ideal. First, the "application" sub-tree is treated (correctly) with great caution with respect to viruses and other active code. Secondly, the lack of a top-level type means that there is no opportunity to have a common set of optional attributes, such as are specified here. Third, fonts have a unique set of licensing and usage restrictions, which makes it worthwhile to identify this general category with a unique top-level type. The W3C WebFonts WG believes that the situation can be significantly improved if a set of font media types is registered using "font" as a dedicated top-level type. Based on the data analysis presented above, we believe that it is the presence of simple and highly intuitive media types for images that caused the widespread adoption of IANA's recommendations, where the correct usage of existing media types reaches over 97% for all subtypes in the "image" tree. The WG believes that, considering a rapid adoption of fonts on the web, the registration of the top-level media type for fonts along with the intuitive set of subtypes that reflect popular and widely used data formats would further stimulate the adoption of web fonts, significantly simplify web server configuration process and facilitate the proper use of IANA media type recommendations. 3. Security considerations Fonts are interpreted data structures that represent collections of different tables containing data that represent different types of information, including glyph outlines in various formats, hinting instructions, metrics and layout information for multiple languages and writing systems, rules for glyph substitution and positioning, etc. Depending on the format used to represent the glyph data the font may contain TrueType, PostScript or SVG outlines and their respective hint instructions, where applicable. There are many existing, already standardized font table tags and formats that allow an unspecified number of entries containing predefined data fields for storage of variable length binary data. Many existing (TrueType, OpenType and OFF, SIL Graphite, WOFF, etc.) font formats are based on the table-based SFNT (scalable font) format which is extremely flexible, highly extensible and offers an opportunity to introduce additional table structures when needed, in a way that would not affect existing font rendering engines and text layout implementations. However, this very extensibility may present specific security concerns - the flexibility and ease of adding new data structures makes it easy for any arbitrary data to be hidden inside a font file. There is a significant risk that the flexibility of font data structures may be exploited to hide malicious binary content disguised as a font data component. Lilley Expires August 1, 2016 [Page 3] Internet-Draft The font Top Level Type January 2016 Fonts may contain 'hints', which are programmatic instructions that are executed by the font engine for the alignment of graphical elements of glyph outlines with the target display pixel grid. Depending on the font technology utilized in the creation of a font these hints may represent active code interpreted and executed by the font rasterizer. Even though hints operate within the confines of the glyph outline conversion system and have no access outside the font rendering engine, hint instructions can be, however, quite complex, and a maliciously designed complex font could cause undue resource consumption (e.g. memory or CPU cycles) on a machine interpreting it. Indeed, fonts are sufficiently complex, and most (if not all) interpreters cannot be completely protected from malicious fonts without undue performance penalties. Widespread use of fonts as necessary component of visual content presentation warrants that a careful attention should be given to security considerations whenever a font is either embedded into an electronic document or transmitted alongside media content as a linked resource. While many existing font formats provide certain levels of protection of data integrity (such mechanisms include e.g. checksums and digital signatures), font data formats provide neither privacy nor confidentiality protection internally; if needed, such protection should be provided externally. 4. Definition and encoding The "font" as the primary media content type indicates that the content identified by it requires certain graphic subsystem such as font rendering engine (and, in some cases, text layout and shaping engine) to process font data, which in turn may require certain level of hardware capabilities such as certain levels of CPU performance and available memory. The "font" media type does not provide any specific information about the underlying data format and how the font information should be interpreted - the subtypes defined within a "font" tree will name the specific font formats. Unrecognized sub- types of "font" should be treated as "application/octet-stream". Implementations may pass unrecognized subtypes to a common font- handling system, if such system is available. 5. Defined subtypes In this section the initial entries under the top-level 'font' MIME type are documented. They also serve as examples for future registrations. Lilley Expires August 1, 2016 [Page 4] Internet-Draft The font Top Level Type January 2016 5.1. Generic SFNT font type Type name: font Subtype name: sfnt Required parameters: None. Optional parameters: 1) Name: Outlines Value: TTF, CFF, SVG This parameter can be used to specify the type of outlines supported by the font. Value "TTF" shall be used when a font resource contains glyph outlines in TrueType format, value "CFF" shall be used to identify fonts containing PostScript/CFF outlines, and value SVG shall be used to identify fonts that include SVG outlines. TTF, CFF or SVG outlines can be present in various combinations in the same font file, therefore, multiple values for the same optional parameter may be defined. 2) Name: Layout Value: OTF, AAT, SIL This parameter identifies the type of implemented support for advanced text layout features. The predefined values "OTF", "AAT" and " SIL" respectively indicate support for OpenType text layout, Apple Advanced Typography or Graphite SIL. More than one shaping and layout mechanism may be supported by the same font file, therefore, multiple values for the same optional parameter may be defined. Encoding considerations: Binary. Interoperability considerations: As it was noted in the first paragraph of the "Security considerations" section, the same font format wrapper can be used to encode fonts with different types of glyph data represented as either TrueType or PostScript (CFF) outlines. Existing font rendering engines may not be able to process some of the particular outline formats, and downloading a font resource that contains unsupported glyph data format would result in inability of application to render and display text. Therefore, it would be extremely useful to clearly identify the format of the glyph outline data within a font using an optional parameter, and allow applications to make decisions about downloading a particular font resource sooner. Similar, another optional parameter is suggested to identify the type of text Lilley Expires August 1, 2016 [Page 5] Internet-Draft The font Top Level Type January 2016 shaping and layout mechanism that is supported by a font. Please note that as new outline formats and text shaping mechanisms may be defined in the future, the set of allowed values for two optional parameters defined by this section may be extended. Published specification: ISO/IEC 14496-22 "Open Font Format" (OFF) specification being developed by ISO/IEC SC29/WG11. Applications that use this media type: Any and all applications that are able to create, edit or display textual media content. Additional information: Magic number(s): The TrueType fonts and OFF / OpenType fonts containing TrueType outlines should use 0x00010000 as the 'sfnt' version number. The OFF / OpenType fonts containing CFF data should use the tag 'OTTO' as 'sfnt' version number. File extension(s): Font file extensions used for OFF / OpenType fonts: .ttf, .otf Typically, .ttf extension is only used for fonts containing TrueType outlines, while .otf extension can be used for any OpenType/OFF font, either with TrueType or CFF outlines. Macintosh file type code(s): (no code specified) @font-face Format: none. Fragment Identifiers none. Person & email address to contact for further information: Vladimir Levantovsky (vladimir.levantovsky@monotype.com). Intended usage: COMMON Restrictions on usage: None Author: The ISO/IEC 14496-22 "Open Font Format" specification is a product of the ISO/IEC JTC1 SC29/WG11. Change controller: The ISO/IEC has change control over this specification. Lilley Expires August 1, 2016 [Page 6] Internet-Draft The font Top Level Type January 2016 5.2. TTF font type Type name: font Subtype name: ttf Required parameters: None. Optional parameters: Name: Layout Value: OTF, AAT, SIL This parameter identifies the type of support mechanism for advanced text layout features. The predefined values "OTF", "AAT" and " SIL" respectively indicate support for OpenType text layout, Apple Advanced Typography or Graphite SIL. More than one shaping and layout mechanism may be supported by the same font file, therefore, multiple values for the same optional parameter may be defined. Encoding considerations: Binary. Interoperability considerations: As was noted in the first paragraph of the "Security considerations" section, the same font format can be used to encode fonts supporting different types of outlines and/or text shaping and layout mechanisms. Existing font rendering engine implementations may not be able to process some of the particular layout table formats, and downloading a font resource that contains unsupported text shaping mechanism would result in inability of applications to display text properly. Therefore, it would be extremely useful to clearly identify the supported text shaping and layout data within a font using an optional parameter, and allow applications to make decisions about downloading a particular font resource sooner. Please note that as new text shaping mechanisms may be defined in the future, the set of allowed values for the optional parameter defined by this section may be extended. Published specification: ISO/IEC 14496-22 "Open Font Format" (OFF) specification being developed by ISO/IEC SC29/WG11. Applications that use this media type: Any and all applications that are able to create, edit or display textual media content. Additional information: Lilley Expires August 1, 2016 [Page 7] Internet-Draft The font Top Level Type January 2016 Magic number(s): The TrueType fonts and OFF / OpenType fonts containing TrueType outlines should use 0x00010000 as the 'sfnt' version number. File extension(s): Font file extensions used for TrueType / OFF / OpenType fonts: .ttf, .otf Typically, .ttf extension is only used for fonts containing TrueType outlines, while .otf extension may be used for any OpenType/OFF font, either with TrueType or CFF outlines. Macintosh file type code(s): (no code specified) @font-face Format: truetype Fragment Identifiers none. Person & email address to contact for further information: Vladimir Levantovsky (vladimir.levantovsky@monotype.com). Intended usage: COMMON Restrictions on usage: None Author: The ISO/IEC 14496-22 "Open Font Format" specification is a product of the ISO/IEC JTC1 SC29/WG11. Change controller: The ISO/IEC has change control over this specification. 5.3. OTF font type Type name: font Subtype name: otf Required parameters: None. Optional parameters Name: Outlines Value: TTF, CFF, SVG This parameter can be used to specify the type of outlines supported by the font. Value "TTF" shall be used when a font resource contains glyph outlines in TrueType format, value "CFF" shall be used to identify fonts containing PostScript/CFF outlines, and value SVG shall be used to identify fonts that include SVG outlines. TTF, CFF or SVG outlines can be present Lilley Expires August 1, 2016 [Page 8] Internet-Draft The font Top Level Type January 2016 in various combinations in the same font file, therefore, multiple values for the same optional parameter may be defined. Encoding considerations: Binary. Interoperability considerations: As it was noted in the first paragraph of the "Security considerations" section, the same font format can be used to encode fonts with different types of glyph data represented as either TrueType, PostScript (CFF) or SVG outlines. Existing font rendering engines may not be able to process some of the particular outline formats, and downloading a font resource that contains unsupported glyph data format would result in inability of application to render and display text. Therefore, it would be extremely useful to clearly identify the format of the glyph outline data within a font using an optional parameter, and allow applications to make decisions about downloading a particular font resource sooner. Please note that as new outline formats may be defined in the future, the set of allowed values for the optional parameter defined in this section may be extended. Published specification: ISO/IEC 14496-22 "Open Font Format" (OFF) specification being developed by ISO/IEC SC29/WG11. Applications that use this media type: Any and all applications that are able to create, edit or display textual media content. Additional information: Magic number(s): The TrueType fonts and OFF / OpenType fonts containing TrueType outlines should use 0x00010000 as the 'sfnt' version number. The OFF / OpenType fonts containing CFF data should use the tag 'OTTO' as 'sfnt' version number. File extension(s): Font file extensions used for OFF / OpenType fonts: .ttf, .otf Typically, .ttf extension is only used for fonts containing TrueType outlines, while .otf extension can be used for any OpenType/OFF font, either with TrueType, CFF or SVG outlines. Macintosh file type code(s): (no code specified) @font-face Format: opentype Fragment Identifiers none. Lilley Expires August 1, 2016 [Page 9] Internet-Draft The font Top Level Type January 2016 Person & email address to contact for further information: Vladimir Levantovsky (vladimir.levantovsky@monotype.com). Intended usage: COMMON Restrictions on usage: None Author: The ISO/IEC 14496-22 "Open Font Format" specification is a product of the ISO/IEC JTC1 SC29/WG11. Change controller: The ISO/IEC has change control over this specification. 5.4. WOFF 1.0 Type name: font Subtype name: woff Required parameters: None. Optional parameters: None. Encoding considerations: Binary. Interoperability considerations: None. Published specification: This media type registration updates the WOFF specification [3] at W3C. Applications that use this media type: WOFF is used by Web browsers, often in conjunction with HTML and CSS. Additional information: Magic number(s): The signature field in the WOFF header MUST contain the "magic number" 0x774F4646 File extension(s): woff Macintosh file type code(s): (no code specified) Macintosh Universal Type Identifier code: "org.w3c.woff" @font-face Format: woff Fragment Identifiers: none. Lilley Expires August 1, 2016 [Page 10] Internet-Draft The font Top Level Type January 2016 Person & email address to contact for further information: Chris Lilley (www-font@w3.org). Intended usage: COMMON Restrictions on usage: None Author: The WOFF specification is a work product of the World Wide Web Consortium's WebFonts Working Group. Change controller: The W3C has change control over this specification. 5.5. WOFF 2.0 Type name: font Subtype name: woff2 Required parameters: None. Optional parameters: None. Encoding considerations: Binary. Interoperability considerations: WOFF 2.0 is an improvement on WOFF 1.0. The two formats have different Internet Media Types, different @font-face formats, and may be used in parallel. Published specification: This media type registration is extracted from the WOFF 2.0 specification [4] at W3C. Applications that use this media type: WOFF 2.0 is used by Web browsers, often in conjunction with HTML and CSS. Additional information: Magic number(s): The signature field in the WOFF header MUST contain the "magic number" 0x774F4632 ('wOF2') File extension(s): woff2 Macintosh file type code(s): (no code specified) Macintosh Universal Type Identifier code: "org.w3c.woff2" @font-face Format: woff2 Lilley Expires August 1, 2016 [Page 11] Internet-Draft The font Top Level Type January 2016 Fragment Identifiers none. Person & email address to contact for further information: Chris Lilley (www-font@w3.org). Intended usage: COMMON Restrictions on usage: None Author: The WOFF2 specification is a work product of the World Wide Web Consortium's WebFonts Working Group. Change controller: The W3C has change control over this specification. 6. References 6.1. URIs [1] http://httparchive.org/ trends.php?s=All&minlabel=Nov+15+2010&maxlabel=Feb+15+2015 [2] http://goo.gl/zbDhUN [3] http://www.w3.org/TR/WOFF [4] http://www.w3.org/TR/WOFF2 Author's Address Chris Lilley W3C 2004 Route des Lucioles Sophia Antipolis 06902 France Email: chris@w3.org Lilley Expires August 1, 2016 [Page 12]