Sean Leonard
2014-09-15 04:59:48 UTC
Greetings.
Due to application requirements, I am working on a standardized Internet
media type (formerly MIME type) for the tar format, also known as "pax
Interchange Format" and "ustar Interchange Format". The proposed type is
application/tar.
I would like to know if there is a point of contact for this application
that I should list, and if said point of contact would like to work with
me on this application. The format is defined by POSIX.1-2008
(specifically the Shell & Utilities - pax topic), and change control
lies with POSIX. Because POSIX is a recognized standards group effort,
the type can be registered directly, without a formal RFC. Nevertheless,
I intend to submit it to the appropriate areas for discussion prior to
registration.
For those familiar with the Internet media type registration process, an
initial draft template is below. The template follows the instructions
in RFC 6838 <http://tools.ietf.org/html/rfc6838>.
Thank you,
Sean Leonard
***********
[DRAFT]
To: media-types-***@public.gmane.org
This is a registration request for the Internet media type application/tar, for tar format archives.
Type name: application
Subtype name: tar
Required parameters: N/A
Optional parameters: N/A
Encoding considerations: binary
Security considerations:
TAR (TApe Archive), as an archive format, can contain arbitrary files of
arbitrary types, including files that are not considered "regular files" (e.g., symbolic links, directories). Some of these files may be executable or contain content such as scripts that could compromise the security of a computer. Additionally, some files may contain directives such as URIs that, when accessed, can compromise privacy. As POSIX file system
information can be recorded in this format, user and group permissions,
dates, and the like can also be overwritten when the data is extracted. Furthermore, when creating this format, personal data such as user and group permissions from a source computer system can be surreptitiously included in the format as a method of exfiltrating that data. The format permits extensions ("pax extensions")--these extensions may have their own security risks.
Interoperability considerations:
TAR is a widely-recognized archive format on all modern computer systems,
especially those relating to UNIX and the POSIX standards. The format has
undergone several iterations; the main current variations are "pax" and "ustar", which are compatible with each other.
Published specification:
POSIX.1-2008, IEEE Std 1003.1-2008 (2013 Edition), IEEE Standard for Information Technology - Portable Operating System Interface (POSIX)" Shell and Utilities - pax - EXTENDED DESCRIPTION - pax Interchange Format, ustar Interchange Format
http://pubs.opengroup.org/onlinepubs/9699919799/utilities/pax.html
Applications that use this media type:
pax is the POSIX utility. Most UNIX-compatible implementations also include a utility called tar.
Most software archiving programs of any notoriety process this format; implementations are too numerous to list.
Fragment identifier considerations: N/A
Additional information:
Deprecated alias names for this type: N/A
Magic number(s): hex: 75 73 74 61 72 00 30 30, or
US-ASCII: u s t a r NUL 0 0,
at octet 257
File extension(s): tar
Macintosh file type code(s): N/A
Person & email address to contact for further information:
Sean Leonard<dev+ietf-***@public.gmane.org>
<Austin Group contacts?>
Intended usage: COMMON
Restrictions on usage: None.
Author:
The Austin Common Standards Revision Group (CSRG)
The Institute of Electrical and Electronics Engineers (IEEE)
The Open Group
Change controller: CSRG <contacts?>
Provisional registration? (standards tree only): No
*END*
Due to application requirements, I am working on a standardized Internet
media type (formerly MIME type) for the tar format, also known as "pax
Interchange Format" and "ustar Interchange Format". The proposed type is
application/tar.
I would like to know if there is a point of contact for this application
that I should list, and if said point of contact would like to work with
me on this application. The format is defined by POSIX.1-2008
(specifically the Shell & Utilities - pax topic), and change control
lies with POSIX. Because POSIX is a recognized standards group effort,
the type can be registered directly, without a formal RFC. Nevertheless,
I intend to submit it to the appropriate areas for discussion prior to
registration.
For those familiar with the Internet media type registration process, an
initial draft template is below. The template follows the instructions
in RFC 6838 <http://tools.ietf.org/html/rfc6838>.
Thank you,
Sean Leonard
***********
[DRAFT]
To: media-types-***@public.gmane.org
This is a registration request for the Internet media type application/tar, for tar format archives.
Type name: application
Subtype name: tar
Required parameters: N/A
Optional parameters: N/A
Encoding considerations: binary
Security considerations:
TAR (TApe Archive), as an archive format, can contain arbitrary files of
arbitrary types, including files that are not considered "regular files" (e.g., symbolic links, directories). Some of these files may be executable or contain content such as scripts that could compromise the security of a computer. Additionally, some files may contain directives such as URIs that, when accessed, can compromise privacy. As POSIX file system
information can be recorded in this format, user and group permissions,
dates, and the like can also be overwritten when the data is extracted. Furthermore, when creating this format, personal data such as user and group permissions from a source computer system can be surreptitiously included in the format as a method of exfiltrating that data. The format permits extensions ("pax extensions")--these extensions may have their own security risks.
Interoperability considerations:
TAR is a widely-recognized archive format on all modern computer systems,
especially those relating to UNIX and the POSIX standards. The format has
undergone several iterations; the main current variations are "pax" and "ustar", which are compatible with each other.
Published specification:
POSIX.1-2008, IEEE Std 1003.1-2008 (2013 Edition), IEEE Standard for Information Technology - Portable Operating System Interface (POSIX)" Shell and Utilities - pax - EXTENDED DESCRIPTION - pax Interchange Format, ustar Interchange Format
http://pubs.opengroup.org/onlinepubs/9699919799/utilities/pax.html
Applications that use this media type:
pax is the POSIX utility. Most UNIX-compatible implementations also include a utility called tar.
Most software archiving programs of any notoriety process this format; implementations are too numerous to list.
Fragment identifier considerations: N/A
Additional information:
Deprecated alias names for this type: N/A
Magic number(s): hex: 75 73 74 61 72 00 30 30, or
US-ASCII: u s t a r NUL 0 0,
at octet 257
File extension(s): tar
Macintosh file type code(s): N/A
Person & email address to contact for further information:
Sean Leonard<dev+ietf-***@public.gmane.org>
<Austin Group contacts?>
Intended usage: COMMON
Restrictions on usage: None.
Author:
The Austin Common Standards Revision Group (CSRG)
The Institute of Electrical and Electronics Engineers (IEEE)
The Open Group
Change controller: CSRG <contacts?>
Provisional registration? (standards tree only): No
*END*