< draft-hardy-pdf-mime-04.txt   draft-hardy-pdf-mime-05.txt >
Network Working Group M. Hardy Network Working Group M. Hardy
Internet-Draft L. Masinter Internet-Draft L. Masinter
Obsoletes: 3778 (if approved) D. Markovic Obsoletes: 3778 (if approved) D. Markovic
Intended status: Informational Adobe Systems Incorporated Intended status: Informational Adobe Systems Incorporated
Expires: March 8, 2017 D. Johnson Expires: August 27, 2017 D. Johnson
PDF Association PDF Association
M. Bailey M. Bailey
Global Graphics Global Graphics
September 4, 2016 February 23, 2017
The application/pdf Media Type The application/pdf Media Type
draft-hardy-pdf-mime-04 draft-hardy-pdf-mime-05
Abstract Abstract
The Portable Document Format (PDF) is an ISO standard (ISO The Portable Document Format (PDF) is an ISO standard (ISO
32000-1:2008) defining a final-form document representation language 32000-1:2008) defining a final-form document representation language
in use for document exchange, including on the Internet, since 1993. in use for document exchange, including on the Internet, since 1993.
This document provides an overview of the PDF format and updates the This document provides an overview of the PDF format and updates the
media type registration of "application/pdf". It obsoletes RFC 3778. media type registration of "application/pdf". It obsoletes RFC 3778.
Status of This Memo Status of This Memo
skipping to change at page 1, line 39 skipping to change at page 1, line 39
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on March 8, 2017. This Internet-Draft will expire on August 27, 2017.
Copyright Notice Copyright Notice
Copyright (c) 2016 IETF Trust and the persons identified as the Copyright (c) 2017 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. History . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. History . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Fragment Identifiers . . . . . . . . . . . . . . . . . . . . 3 3. Fragment Identifiers . . . . . . . . . . . . . . . . . . . . 3
4. Subset Standards . . . . . . . . . . . . . . . . . . . . . . 8 4. Subset Standards . . . . . . . . . . . . . . . . . . . . . . 5
5. PDF Versions . . . . . . . . . . . . . . . . . . . . . . . . 9 5. PDF Versions . . . . . . . . . . . . . . . . . . . . . . . . 6
6. PDF Implementations . . . . . . . . . . . . . . . . . . . . . 9 6. PDF Implementations . . . . . . . . . . . . . . . . . . . . . 6
7. Security Considerations . . . . . . . . . . . . . . . . . . . 9 7. Security Considerations . . . . . . . . . . . . . . . . . . . 7
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 11 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 9
9.1. Normative References . . . . . . . . . . . . . . . . . . 11 9.1. Normative References . . . . . . . . . . . . . . . . . . 9
9.2. Informative References . . . . . . . . . . . . . . . . . 11 9.2. Informative References . . . . . . . . . . . . . . . . . 9
Appendix A. Changes since RFC 3778 . . . . . . . . . . . . . . . 13 Appendix A. Changes since RFC 3778 . . . . . . . . . . . . . . . 10
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 13 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 11
1. Introduction 1. Introduction
This document is intended to provide updated information on the This document is intended to provide updated information on the
registration of the MIME Media Type "application/pdf" for documents registration of the MIME Media Type "application/pdf" for documents
defined in the PDF [ISOPDF], "Portable Document Format", syntax. It defined in the PDF [ISOPDF], "Portable Document Format", syntax. It
obsoletes [RFC3778]. obsoletes [RFC3778].
PDF was originally envisioned as a way to reliably communicate and PDF was originally envisioned as a way to reliably communicate and
view printed information electronically across a wide variety of view printed information electronically across a wide variety of
skipping to change at page 3, line 39 skipping to change at page 3, line 39
the ISO. These standards include PDF for Archival (PDF/A) [ISOPDFA], the ISO. These standards include PDF for Archival (PDF/A) [ISOPDFA],
PDF for Engineering (PDF/E) [ISOPDFE], PDF for Universal PDF for Engineering (PDF/E) [ISOPDFE], PDF for Universal
Accessibility (PDF/UA) [ISOPDFUA], PDF for Variable Data and Accessibility (PDF/UA) [ISOPDFUA], PDF for Variable Data and
Transactional Printing (PDF/VT) [ISOPDFVT], and PDF for Prepress Transactional Printing (PDF/VT) [ISOPDFVT], and PDF for Prepress
Digital Data Exchange (PDF/X) [ISOPDFX]. The subset standards are Digital Data Exchange (PDF/X) [ISOPDFX]. The subset standards are
fully compliant PDF files capable of being displayed in a general PDF fully compliant PDF files capable of being displayed in a general PDF
viewer. viewer.
3. Fragment Identifiers 3. Fragment Identifiers
A set of fragment identifiers [RFC3986] and their handling are Fragment identifiers appear at the end of a URI, and provide a way to
defined in ISO 32000-2 [ISOPDF2]. This section summarizes that reference an anchor to subordinate content within the target of the
material; any disagreements between that document and this should be URI, or additional parameters to the process of opening the
resolved in favor of the ISO definition, once that has been approved. identified content. The syntax and semantics of fragment identifiers
is referenced in the media type definition.
A fragment identifier is comprised of one or more parameters The specification of fragment identifiers for PDF appeared originally
separated by the AMPERSAND (&) character. Each parameter implies an in [RFC3778], but now will be included in ISO 32000-2 [ISOPDF2].
action to be performed on the document and provides values to be used This section is a summary of that material. Any disagreements
for that action; the values for a parameter are introduced by an between that document and this should be resolved in favor of the ISO
EQUAL SIGN (=) and separated by a COMMA (,); values which are strings 32000-2 definition, once that has been approved.
appear in the fragment identifier using URI's percent-hex escaping --
spaces, reserved and non-ASCII strings are included by %nn encoding
the UTF-8 of each character. Actions shall be processed and executed
from left to right as they appear in the character string that makes
up the fragment identifier.
The parameters listed in this section operate on the document at the A fragment identifier for PDF has one or more parameters, separated
point it is opened; for this reason they are sometimes referred to as by the ampersand (&) or pound (#) character. Each parameter consists
PDF open parameters. The fragment identifier should be processed of the parameter name, "=" (equal), and the parameter value; lists of
immediately after document-specified open parameters have been values are comma-separated, and parameter value strings may be URI-
processed. encoded ([RFC3986]). Parameters are processed left to right.
The table below lists the PDF open parameters relevant to PDF. All Coordinate values (such as <left>, <right>, <width>) are expressed in
coordinate values (left, right, top, and bottom) are expressed in the the default user space coordinate system of the document: 1/72 of an
default user space coordinate system (1/72 of an inch measured down inch measured down and to the right from the upper-left corner of the
and to the right from the upper-left corner); see [ISOPDF] (current) page. ([ISOPDF2] 8.3.2.3 "User Space")
Section 8.3.2.3 "User Space".
PDF Open Parameters The following parameters identify subordinate content of a PDF file,
but also may be used to set the document view to make the (start of)
the identified content visible:
+--------------+-------------------------+--------------------------+ page=<pageNum>
| Parameter | Arguments | Description | Identifies a specified (physical) page; the first page in the
| Name | | | document has a pageNum value of 1.
+--------------+-------------------------+--------------------------+
| "nameddest" | _name_ | Open the document to the | nameddest=<name>
| | | specified named | Identifies a named destination ([ISOPDF2] 12.3.2.4 "Named
| | | destination. The | destinations").
| | | argument provided is a |
| | | string which shall | structelem=<structID>
| | | correspond to the name | structID is a byte string with URI encoding; identifies the
| | | of a destination in the | structure element with ID key within a StructElem dictionary of
| | | target document. | the document.
| "page" | _pageNum_ | Open the document to the |
| | | specified page number. | comment=<commentID>
| | | The argument shall be a | The commentID is the value of an annotation name, which is defined
| | | positive integer number. | by the NM key in the corresponding annotation dictionary (of the
| | | The first page in the | selected page. ([ISOPDF2] 12.5.2 "Annotation dictionaries")
| | | document has a pageNum |
| | | value of 1. | ef=<name>
| "zoom" | _scale scale,left,top_ | Open the document with | Identifies the embedded file where the parameter string <name>
| | | the specified zoom level | matches a file specification dictionary in the EmbeddedFiles name
| | | and optional offset. | tree. If the "ef" parameter is not at the end of the fragment
| | | The scale argument shall | identifier, then the rest of the fragment identifier (after the
| | | be either an integer or | ampersand or hash delimiter) is applied to the embedded file
| | | floating point value | according to its own media type. This allows identification of
| | | representing the | content within the embedded file (which itself might be a PDF
| | | percentage to which the | file).
| | | document should be |
| | | zoomed, where a value of | NOTE: When opening a PDF file that is not from a trusted source,
| | | 100 would correspond to | processor may choose to prompt the user or even prevent opening of
| | | a zoom of 100%. The | the file.
| | | left and top arguments |
| | | are optional, but shall | These parameters also operate on the view of the PDF document when it
| | | both be specified if | is opened.
| | | either is included. The |
| | | left and top arguments | zoom=<scale>,<left>,<top>
| | | shall be integer or | <scale> is the percentage to which the document should be zoomed,
| | | floating point values | where a value of 100 correspond to a zoom of 100%. <left> and
| | | representing the offset | <top> are optional, but both must be specified if either is
| | | from the left and top of | included.
| | | the page in a coordinate |
| | | system where 0,0 | view=<keyword>,<position>
| | | represents the top left | The arguments correspond to those found in [ISOPDF2] 12.3.2.2
| | | corner of the page. | "Explicit destinations". keyword is one of the keywords defined
| "view" | _keyword,position_ | Open the document with | in [ISOPDF2] "Table 149: Destination syntax" with appropriate
| | | the specified | position values.
| | | destination set as the |
| | | view. The arguments | viewrect=<left>,<top>,<width>,<height>
| | | shall correspond to | Set the view rectangle.
| | | those found in [ISOPDF2] |
| | | 12.3.2.2, "Explicit | highlight=<left>,<right>,<top>,<bottom>
| | | destinations". The | Highlight the specified rectangle.
| | | keyword shall correspond |
| | | to one of the keywords | search=<wordList>
| | | defined in [ISOPDF2] | Open the document and search for one or more words, selecting the
| | | Table 149, "Destination | first matching word in the document. wordList is a string enclosed
| | | syntax" with appropriate | in quotation marks where individual words are separated by the
| | | position values. | space character (or %20).
| "viewrect" | _left,top,width,height_ | Open the document with |
| | | the specified window | fdf=<URI>
| | | view rectangle. The | Imports data into PDF form fields. The URI is either a relative
| | | left and top arguments | or absolute URI to an FDF or XFDF file. The fdf parameter should
| | | shall be integer or | be specified as the last parameter to a given URI.
| | | floating point values |
| | | representing the offset |
| | | from the left and top of |
| | | the page in a coordinate |
| | | system where 0,0 |
| | | represents the top left |
| | | corner of the page. The |
| | | width and height |
| | | arguments shall be |
| | | integer or floating |
| | | point values |
| | | representing the width |
| | | and height of the view. |
| "highlight" | _left,right,top,bottom_ | Open the document with |
| | | the specified rectangle |
| | | highlighted. Each |
| | | argument shall be an |
| | | integer or floating |
| | | point value representing |
| | | the rectangle measured |
| | | from the top left corner |
| | | of the page. |
| "structelem" | _structID_ | Open to the page on |
| | | which the first content |
| | | item, hierarchically |
| | | contained within the |
| | | structure element |
| | | identified by the |
| | | structure ID, is |
| | | located. If no content |
| | | is contained within the |
| | | hierarchy of the |
| | | structure element or the |
| | | ID does not match a |
| | | structure element, the |
| | | page number shall be |
| | | treated as the first |
| | | page within the |
| | | document. The structID |
| | | shall be a byte string |
| | | with URI encoding that |
| | | will be matched to the |
| | | ID key within a |
| | | StructElem dictionary. |
| "comment" | _commentID_ | Open the document with |
| | | the specified comment |
| | | selected. The commentID |
| | | shall be the value of an |
| | | annotation name, which |
| | | is defined by the NM key |
| | | in the corresponding |
| | | annotation dictionary |
| | | (see 12.5.2 "Annotation |
| | | dictionaries", Table |
| | | 167). If the comment |
| | | parameter is combined |
| | | with another parameter |
| | | that defines a specific |
| | | page to be displayed, |
| | | then the comment |
| | | parameter shall appear |
| | | after that in the URI. |
| | | Note: The NM key is |
| | | unique to a specific |
| | | page, but is not |
| | | guaranteed to be unique |
| | | to a document. Unless |
| | | the page on which the |
| | | comment resides has been |
| | | selected prior to the |
| | | comment parameter, the |
| | | comment will not be |
| | | selected. |
| "search" | _wordList_ | Open the document and |
| | | search for one or more |
| | | words, selecting the |
| | | first matching word in |
| | | the document. The |
| | | wordList argument |
| | | defines the search words |
| | | and shall be a string |
| | | enclosed within |
| | | quotation marks |
| | | comprised of individual |
| | | words separated by space |
| | | characters. Note that |
| | | the space characters |
| | | must be encoded. |
| "fdf" | _URI_ | Open the document and |
| | | then import the data |
| | | from the specified FDF |
| | | or XFDF file (see |
| | | [ISOPDF] Section |
| | | 12.7.8). The URI shall |
| | | be either a relative or |
| | | absolute URI to an FDF |
| | | or XFDF file. The fdf |
| | | parameter should be |
| | | specified as the last |
| | | parameter to a given |
| | | URI. Note: The fdf |
| | | parameter is recommended |
| | | to be the last parameter |
| | | so that the document can |
| | | open directly to the |
| | | appropriate view. |
| "ef" | _name_ | Open the embedded file |
| | | contained within the |
| | | EmbeddedFiles name tree |
| | | identified by the name. |
| | | The name argument shall |
| | | be a byte string used to |
| | | match a file |
| | | specification dictionary |
| | | in the EmbeddedFiles |
| | | name tree. |
+--------------+-------------------------+--------------------------+
4. Subset Standards 4. Subset Standards
Several subsets of PDF have been published as distinct ISO standards: Several subsets of PDF have been published as distinct ISO standards:
o PDF/X, initially released in 2001 as PDF/X-1a [ISOPDFX], specifies o PDF/X, initially released in 2001 as PDF/X-1a [ISOPDFX], specifies
how to use PDF for graphics exchange, with the aim to fascilitate how to use PDF for graphics exchange, with the aim to fascilitate
correct and predictable printing by print service providers. The correct and predictable printing by print service providers. The
standard has gone through multiple revisions over the years and standard has gone through multiple revisions over the years and
has several published parts, the most recently released being part has several published parts, the most recently released being part
8, specifying different levels of conformance: PDF/X-1a:2001, PDF/ 8, specifying different levels of conformance: PDF/X-1a:2001, PDF/
X-3:2002, PDF/X-1a:2003, PDF/X-3:2003, PDF/X-4, PDF/X-4p, PDF/X-5, X-3:2002, PDF/X-1a:2003, PDF/X-3:2003, PDF/X-4, PDF/X-4p, PDF/
PDF/X-5g, PDF/X-5pg and PDF/X-5n. X-5g, PDF/X-5pg and PDF/X-5n.
o PDF/A, initially released in 2005, specifies how to use PDF for o PDF/A, initially released in 2005, specifies how to use PDF for
long-term preservation (archiving) of electronic documents. It long-term preservation (archiving) of electronic documents. It
prohibits PDF features which are not well suited to long term prohibits PDF features which are not well suited to long term
archiving of documents, including JavaScript or executable file archiving of documents, including JavaScript or executable file
launches. Its requirements for PDF/A viewers include color launches. Its requirements for PDF/A viewers include color
management guidelines and support for embedded fonts. There are management guidelines and support for embedded fonts. There are
three parts of this standard and a total of eight conformance three parts of this standard and a total of eight conformance
levels: PDF/A-1a, PDF/A-1b, PDF/A-2a, PDF/A-2b, PDF/A-2u, PDF/ levels: PDF/A-1a, PDF/A-1b, PDF/A-2a, PDF/A-2b, PDF/A-2u, PDF/
A-3a, PDF/A-3b and PDF/A-3u. A-3a, PDF/A-3b and PDF/A-3u.
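Review bot: The new Section 3 wording "separated by the ampersand (&) or pound (#) character" conflicts with the RFC 3986 syntax the same paragraph cites, because "#" cannot appear unescaped inside a fragment, so URI parsers that follow RFC 3986 may not split such a URI the way a PDF processor does. Suggest keeping "&" as the only separator, or stating exactly how the nested delimiter after "ef=<name>" is to be escaped and parsed, and using one name for the character (the "ef" entry calls it "hash"). The rewrite also drops two rules the old table carried: that "comment" must appear after the parameter that selects its page (the NM key is only unique per page), and that an unmatched "structelem" is treated as the first page; the new "comment" entry is also left with an unclosed parenthesis at "(of the selected page.". In Section 4 the rewrapped PDF/X conformance list no longer contains "PDF/X-5"; please confirm that the removal is intended.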
skipping to change at page 9, line 36 skipping to change at page 7, line 11
For most of the common platforms in use (iOS, OS X, Windows, Android, For most of the common platforms in use (iOS, OS X, Windows, Android,
ChromeOS, Kindle) and for most browsers (Edge, Safari, Chrome, ChromeOS, Kindle) and for most browsers (Edge, Safari, Chrome,
Firefox), PDF viewing is built-in. In addition, there are many PDF Firefox), PDF viewing is built-in. In addition, there are many PDF
viewers available for download and install. The PDF specification viewers available for download and install. The PDF specification
was published and freely available since the format was introduced in was published and freely available since the format was introduced in
1993, so hundreds of companies and organizations make tools for PDF 1993, so hundreds of companies and organizations make tools for PDF
creation, viewing, and manipulation. creation, viewing, and manipulation.
7. Security Considerations 7. Security Considerations
PDF is certainly a complex media type as per Section 4.6 of
[RFC6838], which sets requirements for security analysis of media
type registrations. [RFC3778] (which this document obsoletes)
contained a detailed analysis of some of the security issues for PDF
implementations known at the time. While the analysis isn't
necessarily wrong, the threat analysis is much too limited, and the
mitigations somewhat out of date. There is now extensive literature
on security threats involving PDF implementations and how to avoid
them, consistent with broad implementation over decades. We are not
registering a new media type but rather making a primarily
administrative update. With those caveats:
The PDF file format allows several constructs which may compromise The PDF file format allows several constructs which may compromise
security if handled inadequately by PDF processors. For example: security if handled inadequately by PDF processors. For example:
o PDF may contain scripts to customize the displaying and processing o PDF may contain scripts to customize the displaying and processing
of PDF files. These scripts are expressed in a version of of PDF files. These scripts are expressed in a version of
JavaScript and are intended for execution by the PDF processor. JavaScript and are intended for execution by the PDF processor.
o PDF file may refer to other PDF files for portions of content. o PDF file may refer to other PDF files for portions of content.
PDF processors are expected to find these external files and load PDF processors are expected to find these external files and load
them in order to display the document. them in order to display the document.
o PDF may act as a container for various files embedded in it (for o PDF may act as a container for various files embedded in it (for
example, as attached files). PDF processors may offer example, as attached files). PDF processors may offer
functionality to open and display such files or store them on the functionality to open and display such files or store them on the
system. THe PDF specification places no restrictions on types of system, such as with the "ef" open action. THe PDF specification
files which may be embedded, so PDF processors should be extremely places no restrictions on types of files which may be embedded, so
careful to prevent unwanted execution of attached executables or PDF processors should be extremely careful to prevent unwanted
decompression of attached archives which may store dangerous files execution of attached executables or decompression of attached
in the host file system. archives which may store dangerous files in the host file system.
o PDF files may contain links to content on the internet. PDF o PDF files may contain links to content on the internet. PDF
processors may offer functionality to show such content upon processors may offer functionality to show such content upon
following the link. following the link.
o The fragment identifier syntax (Section 3) contains directives for
opening ("ef") or inluding ("fdf") additional material.
PDF interpreters executing any scripts or programs related to these PDF interpreters executing any scripts or programs related to these
constructs must be extremely careful to insure that untrusted constructs must be extremely careful to insure that untrusted
software is executed in a protected environment. software is executed in a protected environment.
In addition, the PDF processor itself, as well as its plugins, In addition, the PDF processor itself, as well as its plugins,
scripts etc. may be a source of insecurity, by either obvious or scripts etc. may be a source of insecurity, by either obvious or
subtle means. subtle means.
8. IANA Considerations 8. IANA Considerations
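Review bot: The added bullet "The fragment identifier syntax (Section 3) contains directives for opening ("ef") or inluding ("fdf") additional material" names the risk but asks nothing of the processor, and unlike the other bullets these inputs come from whoever wrote the link rather than from the PDF file itself. Suggest stating that a processor should treat a fragment-supplied "fdf" URI and "ef" name as untrusted input, for example by confirming with the user before fetching the FDF or XFDF file or opening the embedded file, and moving the Section 3 NOTE about files "not from a trusted source" into this section so the guidance sits with the other security text. The new opening paragraph says the RFC 3778 mitigations are "somewhat out of date" and that there is "extensive literature" but cites none of it; an informative reference or two would make that statement usable. Typos to fix while here: "THe", "inluding", and "insure" (for "ensure").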
 End of changes. 16 change blocks. 
227 lines changed or deleted 122 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/