Internet DRAFT - draft-lilley-font-toplevel
draft-lilley-font-toplevel
Network Working Group C. Lilley
Internet-Draft W3C
Intended status: Standards Track October 16, 2015
Expires: April 18, 2016
The font Primary Content Type
draft-lilley-font-toplevel-00
Abstract
This memo serves to register and document the "font" Primary Content
Type, under which the Internet Media subtypes for representation
formats for fonts may be registered. This document also serves as a
registration application for a set of intended subtypes, which are
representative of some existing subtypes already registered under the
"application" tree by their separate registrations.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 18, 2016.
Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
Lilley Expires April 18, 2016 [Page 1]
�
Internet-Draft The font Primary Content Type October 2015
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
1. Introduction
The process of setting type in computer systems and other forms of
text presentation systems uses fonts in order to provide visual
representations of the glyphs. Just as with images, for example,
there are a number of ways to represent the visual information of the
glyphs. Early font formats often used bitmaps, as these could have
been carefully tuned for maximum readability at a given size on low-
resolution displays. More recently, scalable vector outline fonts
have come into widespread use: in these fonts, the outlines of the
glyphs are described, and the presentation system renders the outline
in the desired position and size.
This document defines a top-level Internet Media Type type "font"
under which different representation formats of fonts may be
registered (e.g. a bitmap or outline formats). It should be
emphasized that, just as under the "image" top-level type one does
not find registration for a specific image, for example, "The Night-
watch" (by Rembrandt) but instead "JPEG" (a compressed image data
representation format), so, under "font" one will not find "Courier"
(the name of a popular font) but perhaps "TTF", "OTF" or "SFNT" (the
names of commonly used TrueType and OpenType font formats as well as
their higher-level wrapper format).
2. Background and Justification
Historically there has not been a registration of formats for fonts.
Most recently, there have been several representation formats
registered as MIME subtypes under the "application" top-level type.
However, with the rapid adoption of web fonts (based on the data from
HTTP Archive [1] showing a huge increase in web font usage from 1% in
the end of 2010 to 50% across all sites in the beginning of 2015)
custom fonts on the web have become a core web resource. As the in-
depth analysis [2] shows, the lack of the intuitive top-level font
type is causing significant confusion among developers - while
currently defined font subtypes are severely under-utilized there are
many more sites that already use non-existent (but highly intuitive)
media types such as "font/woff", "font/ttf" and "font/truetype". At
the same time, the majority of sites resort to using generic types
such as "application/octet-stream", "text/plain" and "text/html"; or
use unregistrable types such as "application/x-font-ttf".
Contrary to our expectations, the officially defined IANA subtypes
such as "application/font-woff" and "application/font-sfnt" see a
very limited use - their adoption rates trail far behind as the
Lilley Expires April 18, 2016 [Page 2]
�
Internet-Draft The font Primary Content Type October 2015
actual use of web fonts continues to increase. The members of the
W3C WebFonts WG believe the use of "application" top-level type is
not ideal. First, the "application" sub-tree is treated (correctly)
with great caution with respect to viruses and other active code.
Secondly, the lack of a top-level type means that there is no
opportunity to have a common set of optional attributes, such as are
specified here. Third, fonts have a unique set of licensing and
usage restrictions, which makes it worthwhile to identify this
general category with a unique top-level type.
The W3C WebFonts WG believes that the situation can be significantly
improved if a set of font media types is registered using "font" as a
dedicated top-level type. Based on the data analysis presented
above, we believe that it is the presence of simple and highly
intuitive media types for images that caused the widespread adoption
of IANA's recommendations, where the correct usage of existing media
types reaches over 97% for all subtypes in the "image" tree. The WG
believes that, considering a rapid adoption of fonts on the web, the
registration of the top-level media type for fonts along with the
intuitive set of subtypes that reflect popular and widely used data
formats would further stimulate the adoption of web fonts,
significantly simplify web server configuration process and
facilitate the proper use of IANA media type recommendations.
3. Security considerations
Fonts are interpreted data structures that represent collections of
different tables containing data that represent different types of
information, including glyph outlines in various formats, hinting
instructions, metrics and layout information for multiple languages
and writing systems, rules for glyph substitution and positioning,
etc. Depending on the format used to represent the glyph data the
font may contain TrueType, PostScript or SVG outlines and their
respective hint instructions, where applicable. There are many
existing, already standardized font table tags and formats that allow
an unspecified number of entries containing predefined data fields
for storage of variable length binary data. Many existing (TrueType,
OpenType and OFF, SIL Graphite, WOFF, etc.) font formats are based on
the table-based SFNT (scalable font) format which is extremely
flexible, highly extensible and offers an opportunity to introduce
additional table structures when needed, in a way that would not
affect existing font rendering engines and text layout
implementations. However, this very extensibility may present
specific security concerns - the flexibility and ease of adding new
data structures makes it easy for any arbitrary data to be hidden
inside a font file. There is a significant risk that the flexibility
of font data structures may be exploited to hide malicious binary
content disguised as a font data component.
Lilley Expires April 18, 2016 [Page 3]
�
Internet-Draft The font Primary Content Type October 2015
Fonts may contain 'hints', which are programmatic instructions that
are executed by the font engine for the alignment of graphical
elements of glyph outlines with the target display pixel grid.
Depending on the font technology utilized in the creation of a font
these hints may represent active code interpreted and executed by the
font rasterizer. Even though hints operate within the confines of
the glyph outline conversion system and have no access outside the
font rendering engine, hint instructions can be, however, quite
complex, and a maliciously designed complex font could cause undue
resource consumption (e.g. memory or CPU cycles) on a machine
interpreting it. Indeed, fonts are sufficiently complex, and most
(if not all) interpreters cannot be completely protected from
malicious fonts without undue performance penalties.
Widespread use of fonts as necessary component of visual content
presentation warrants that a careful attention should be given to
security considerations whenever a font is either embedded into an
electronic document or transmitted alongside media content as a
linked resource. While many existing font formats provide certain
levels of protection of data integrity (such mechanisms include e.g.
checksums and digital signatures), font data formats provide neither
privacy nor confidentiality protection internally; if needed, such
protection should be provided externally.
4. Definition and encoding
The "font" as the primary media content type indicates that the
content identified by it requires certain graphic subsystem such as
font rendering engine (and, in some cases, text layout and shaping
engine) to process font data, which in turn may require certain level
of hardware capabilities such as certain levels of CPU performance
and available memory. The "font" media type does not provide any
specific information about the underlying data format and how the
font information should be interpreted - the subtypes defined within
a "font" tree will name the specific font formats. Unrecognized sub-
types of "font" should be treated as "application/octet-stream".
Implementations may pass unrecognized subtypes to a common font-
handling system, if such system is available.
5. Defined subtypes
In this section the initial entries under the top-level 'font' MIME
type are documented. They also serve as examples for future
registrations.
Lilley Expires April 18, 2016 [Page 4]
�
Internet-Draft The font Primary Content Type October 2015
5.1. Generic SFNT font type
Type name: font
Subtype name: sfnt
Required parameters: None.
Optional parameters:
1) Name: Outlines Value: TTF, CFF, SVG
This parameter can be used to specify the type of outlines
supported by the font. Value "TTF" shall be used when a font
resource contains glyph outlines in TrueType format, value
"CFF" shall be used to identify fonts containing PostScript/CFF
outlines, and value SVG shall be used to identify fonts that
include SVG outlines. TTF, CFF or SVG outlines can be present
in various combinations in the same font file, therefore,
multiple values for the same optional parameter may be defined.
2) Name: Layout
Value: OTF, AAT, SIL
This parameter identifies the type of implemented support for
advanced text layout features. The predefined values "OTF",
"AAT" and " SIL" respectively indicate support for OpenType
text layout, Apple Advanced Typography or Graphite SIL. More
than one shaping and layout mechanism may be supported by the
same font file, therefore, multiple values for the same
optional parameter may be defined.
Encoding considerations: Binary.
Interoperability considerations: As it was noted in the first
paragraph of the "Security considerations" section, the same font
format wrapper can be used to encode fonts with different types of
glyph data represented as either TrueType or PostScript (CFF)
outlines. Existing font rendering engines may not be able to
process some of the particular outline formats, and downloading a
font resource that contains unsupported glyph data format would
result in inability of application to render and display text.
Therefore, it would be extremely useful to clearly identify the
format of the glyph outline data within a font using an optional
parameter, and allow applications to make decisions about
downloading a particular font resource sooner. Similar, another
optional parameter is suggested to identify the type of text
Lilley Expires April 18, 2016 [Page 5]
�
Internet-Draft The font Primary Content Type October 2015
shaping and layout mechanism that is supported by a font. Please
note that as new outline formats and text shaping mechanisms may
be defined in the future, the set of allowed values for two
optional parameters defined by this section may be extended.
Published specification: ISO/IEC 14496-22 "Open Font Format" (OFF)
specification being developed by ISO/IEC SC29/WG11.
Applications that use this media type: Any and all applications that
are able to create, edit or display textual media content.
Additional information:
Magic number(s): The TrueType fonts and OFF / OpenType fonts
containing TrueType outlines should use 0x00010000 as the
'sfnt' version number.
The OFF / OpenType fonts containing CFF data should use the tag
'OTTO' as 'sfnt' version number.
File extension(s): Font file extensions used for OFF / OpenType
fonts: .ttf, .otf
Typically, .ttf extension is only used for fonts containing
TrueType outlines, while .otf extension can be used for any
OpenType/OFF font, either with TrueType or CFF outlines.
Macintosh file type code(s): (no code specified)
@font-face Format: none.
Fragment Identifiers none.
Person & email address to contact for further information: Vladimir
Levantovsky (vladimir.levantovsky@monotype.com).
Intended usage: COMMON
Restrictions on usage: None
Author: The ISO/IEC 14496-22 "Open Font Format" specification is a
product of the ISO/IEC JTC1 SC29/WG11.
Change controller: The ISO/IEC has change control over this
specification.
Lilley Expires April 18, 2016 [Page 6]
�
Internet-Draft The font Primary Content Type October 2015
5.2. TTF font type
Type name: font
Subtype name: ttf
Required parameters: None.
Optional parameters:
Name: Layout Value: OTF, AAT, SIL
This parameter identifies the type of support mechanism for
advanced text layout features. The predefined values "OTF",
"AAT" and " SIL" respectively indicate support for OpenType
text layout, Apple Advanced Typography or Graphite SIL. More
than one shaping and layout mechanism may be supported by the
same font file, therefore, multiple values for the same
optional parameter may be defined.
Encoding considerations: Binary.
Interoperability considerations: As was noted in the first paragraph
of the "Security considerations" section, the same font format can
be used to encode fonts supporting different types of outlines
and/or text shaping and layout mechanisms. Existing font
rendering engine implementations may not be able to process some
of the particular layout table formats, and downloading a font
resource that contains unsupported text shaping mechanism would
result in inability of applications to display text properly.
Therefore, it would be extremely useful to clearly identify the
supported text shaping and layout data within a font using an
optional parameter, and allow applications to make decisions about
downloading a particular font resource sooner. Please note that
as new text shaping mechanisms may be defined in the future, the
set of allowed values for the optional parameter defined by this
section may be extended.
Published specification: ISO/IEC 14496-22 "Open Font Format" (OFF)
specification being developed by ISO/IEC SC29/WG11.
Applications that use this media type: Any and all applications that
are able to create, edit or display textual media content.
Additional information:
Lilley Expires April 18, 2016 [Page 7]
�
Internet-Draft The font Primary Content Type October 2015
Magic number(s): The TrueType fonts and OFF / OpenType fonts
containing TrueType outlines should use 0x00010000 as the
'sfnt' version number.
File extension(s): Font file extensions used for TrueType / OFF /
OpenType fonts: .ttf, .otf
Typically, .ttf extension is only used for fonts containing
TrueType outlines, while .otf extension may be used for any
OpenType/OFF font, either with TrueType or CFF outlines.
Macintosh file type code(s): (no code specified)
@font-face Format: truetype
Fragment Identifiers none.
Person & email address to contact for further information: Vladimir
Levantovsky (vladimir.levantovsky@monotype.com).
Intended usage: COMMON
Restrictions on usage: None
Author: The ISO/IEC 14496-22 "Open Font Format" specification is a
product of the ISO/IEC JTC1 SC29/WG11.
Change controller: The ISO/IEC has change control over this
specification.
5.3. OTF font type
Type name: font
Subtype name: otf
Required parameters: None.
Optional parameters
Name: Outlines Value: TTF, CFF, SVG
This parameter can be used to specify the type of outlines
supported by the font. Value "TTF" shall be used when a font
resource contains glyph outlines in TrueType format, value
"CFF" shall be used to identify fonts containing PostScript/CFF
outlines, and value SVG shall be used to identify fonts that
include SVG outlines. TTF, CFF or SVG outlines can be present
Lilley Expires April 18, 2016 [Page 8]
�
Internet-Draft The font Primary Content Type October 2015
in various combinations in the same font file, therefore,
multiple values for the same optional parameter may be defined.
Encoding considerations: Binary.
Interoperability considerations: As it was noted in the first
paragraph of the "Security considerations" section, the same font
format can be used to encode fonts with different types of glyph
data represented as either TrueType, PostScript (CFF) or SVG
outlines. Existing font rendering engines may not be able to
process some of the particular outline formats, and downloading a
font resource that contains unsupported glyph data format would
result in inability of application to render and display text.
Therefore, it would be extremely useful to clearly identify the
format of the glyph outline data within a font using an optional
parameter, and allow applications to make decisions about
downloading a particular font resource sooner. Please note that
as new outline formats may be defined in the future, the set of
allowed values for the optional parameter defined in this section
may be extended.
Published specification: ISO/IEC 14496-22 "Open Font Format" (OFF)
specification being developed by ISO/IEC SC29/WG11.
Applications that use this media type: Any and all applications that
are able to create, edit or display textual media content.
Additional information:
Magic number(s): The TrueType fonts and OFF / OpenType fonts
containing TrueType outlines should use 0x00010000 as the
'sfnt' version number.
The OFF / OpenType fonts containing CFF data should use the tag
'OTTO' as 'sfnt' version number.
File extension(s): Font file extensions used for OFF / OpenType
fonts: .ttf, .otf
Typically, .ttf extension is only used for fonts containing
TrueType outlines, while .otf extension can be used for any
OpenType/OFF font, either with TrueType, CFF or SVG outlines.
Macintosh file type code(s): (no code specified)
@font-face Format: opentype
Fragment Identifiers none.
Lilley Expires April 18, 2016 [Page 9]
�
Internet-Draft The font Primary Content Type October 2015
Person & email address to contact for further information: Vladimir
Levantovsky (vladimir.levantovsky@monotype.com).
Intended usage: COMMON
Restrictions on usage: None
Author: The ISO/IEC 14496-22 "Open Font Format" specification is a
product of the ISO/IEC JTC1 SC29/WG11.
Change controller: The ISO/IEC has change control over this
specification.
5.4. WOFF 1.0
Type name: font
Subtype name: woff
Required parameters: None.
Optional parameters: None.
Encoding considerations: Binary.
Interoperability considerations: None.
Published specification: This media type registration is extracted
from the WOFF specification [3] at W3C.
Applications that use this media type: WOFF is used by Web browsers,
often in conjunction with HTML and CSS.
Additional information:
Magic number(s): The signature field in the WOFF header MUST
contain the "magic number" 0x774F4646
File extension(s): woff
Macintosh file type code(s): (no code specified)
Macintosh Universal Type Identifier code: "org.w3c.woff"
@font-face Format: woff
Fragment Identifiers: none.
Lilley Expires April 18, 2016 [Page 10]
�
Internet-Draft The font Primary Content Type October 2015
Person & email address to contact for further information: Chris
Lilley (www-font@w3.org).
Intended usage: COMMON
Restrictions on usage: None
Author: The WOFF specification is a work product of the World Wide
Web Consortium's WebFonts Working Group.
Change controller: The W3C has change control over this
specification.
5.5. WOFF 2.0
Type name: font
Subtype name: woff2
Required parameters: None.
Optional parameters: None.
Encoding considerations: Binary.
Interoperability considerations: WOFF 2.0 is an improvement on WOFF
1.0. The two formats have different Internet Media Types,
different @font-face formats, and may be used in parallel.
Published specification: This media type registration is extracted
from the WOFF 2.0 specification [4] at W3C.
Applications that use this media type: WOFF 2.0 is used by Web
browsers, often in conjunction with HTML and CSS.
Additional information:
Magic number(s): The signature field in the WOFF header MUST
contain the "magic number" 0x774F4632 ('wOF2')
File extension(s): woff2
Macintosh file type code(s): (no code specified)
Macintosh Universal Type Identifier code: "org.w3c.woff2"
@font-face Format: woff2
Lilley Expires April 18, 2016 [Page 11]
�
Internet-Draft The font Primary Content Type October 2015
Fragment Identifiers none.
Person & email address to contact for further information: Chris
Lilley (www-font@w3.org).
Intended usage: COMMON
Restrictions on usage: None
Author: The WOFF2 specification is a work product of the World Wide
Web Consortium's WebFonts Working Group.
Change controller: The W3C has change control over this
specification.
6. References
6.1. URIs
[1] http://httparchive.org/
trends.php?s=All&minlabel=Nov+15+2010&maxlabel=Feb+15+2015
[2] http://goo.gl/zbDhUN
[3] http://www.w3.org/TR/WOFF
[4] http://www.w3.org/TR/WOFF2
Author's Address
Chris Lilley
W3C
2004 Route des Lucioles
Sophia Antipolis 06902
France
Email: chris@w3.org
Lilley Expires April 18, 2016 [Page 12]
