DISPATCH M. Kucherawy, Ed. Internet-Draft Intended status: Informational W. Kumari Expires: 27 October 2025 R. Sloan Google 25 April 2025 Media Type Registration for Protocol Buffers draft-murray-dispatch-mime-protobuf-00 Abstract This document registers media types for Protocol Buffers, a common extensible mechanism for serializing structured data. About This Document This note is to be removed before publishing as an RFC. The latest revision of this draft can be found at https://github.com/wkumari/draft-murray-dispatch-mime-protobuf. Status information for this document may be found at https://datatracker.ietf.org/doc/draft-murray-dispatch-mime- protobuf/. Discussion of this document takes place on the DISPATCH Working Group mailing list (mailto:dispatch@ietf.org), which is archived at https://www.ietf.org/mailman/listinfo/dispatch. Subscribe at https://www.ietf.org/mailman/listinfo/dispatch/. Source for this draft and an issue tracker can be found at https://github.com//wkumari/draft-murray-dispatch-mime-protobuf. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." Kucherawy, et al. Expires 27 October 2025 [Page 1] Internet-Draft Media Type Registration for Protocol Buf April 2025 This Internet-Draft will expire on 27 October 2025. Copyright Notice Copyright (c) 2025 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/ license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Payload Description . . . . . . . . . . . . . . . . . . . . . 3 3. Encoding Considerations . . . . . . . . . . . . . . . . . . . 3 4. Security Considerations . . . . . . . . . . . . . . . . . . . 4 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4 5.1. Registration for the "application/protobuf" Media Type . 4 5.2. Registration for "application/protobuf+json" Media Type . . . . . . . . . . . . . . . . . . . . . . . . . . 6 6. Contact . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 7 7.1. Normative References . . . . . . . . . . . . . . . . . . 7 7.2. Informative References . . . . . . . . . . . . . . . . . 8 Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 9 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 9 1. Introduction Protocol Buffers ("protobufs") were introduced in 2008 as a free, open source, platform-independent mechanism for transport and storage of structured data: their use has become increasingly common and Protobuf implementations exist in many languages (C++, C#, Dart, Go, Java, Kotlin, Objective-C, Python, JavaScript, Ruby, Swift, and perhaps others). See [Protobuf] for more information. Protobuf consists of an interface definition language, wire encoding formats, and language-specific implementations (typically involving a generated API) so that clients and servers can be easily deployed using a common schema. Protobuf supports multiple wire formats for interchange: [Binary], which is optimized for wire efficiency, and [ProtoJSON], which maps the Protobuf schema onto a JSON structure. Kucherawy, et al. Expires 27 October 2025 [Page 2] Internet-Draft Media Type Registration for Protocol Buf April 2025 Serialized objects are occasionally transported within media that make use of media types (see [RFC2045] et seq) to identify payloads. Accordingly, current and historical media types used for this purpose would benefit from registration. This document requests those registrations of IANA. 2. Payload Description These media types are used in the transport of serialized objects only. The IDL and object definitions, if transported, would be used with any appropriate text media type. In the three figures below, only the third of these would ever be used with these media types (a JSON example is depicted). An example use of the IDL to specify a "Person" object: edition = "2023"; message Person { string name = 1; int32 id = 2; string email = 3; } An example of python code that uses code generated from the IDL definition above to create an instance of a "Person" object: person = Person() person.id = 1234 person.name = "John Doe" person.email = "jdoe@example.com" An example of the above instance expressed in JSON: { "name": "John Doe", "id": 1234, "email": "jdoe@example.com" } 3. Encoding Considerations Protobuf supports only the [Binary] and [ProtoJSON] for interchange, both of which are platform-independent. For binary forms that need to transit non-binary transports, a base64 Content-Transfer-Encoding (xref to [RFC4648]) is recommended. Kucherawy, et al. Expires 27 October 2025 [Page 3] Internet-Draft Media Type Registration for Protocol Buf April 2025 4. Security Considerations The payload for these media types contain no directly executable code. While it is common for a protobuf definition to be used as input to a code generator which then produces something executable, but that applies to the schema language, not serializations. Protobuf provides no security, privacy, integrity, or compression services: clients or servers for which this is a concern should avail themselves of solutions that provide such capabilities (e.g. [RFC8446]). Implementations should be careful when processing Protobuf like any binary format: a malformed request to a protobuf server could be crafted to, for example, allocate a very large amount of memory, potentially impacting other operations on that server. In order to safely use Protobuf serializations on the web, it is important to ensure that they cannot be interpreted as another document type, such as JavaScript. For this reason, we recommend that binary protobuf serializations be wrapped in a Base64 Content- Transfer-Encoding according to [RFC2045]. Further, when using JSON serializations it is important that it is clear to browsers that the content is pure JSON, so that they can inhibit Cross-Site Script Inclusion or side-channel attacks using techniques such as Cross- Origin Read Blocking ([CORB]). Per [RFC6839], pure JSON content can be indicated by a +json subtype suffix (see also [MIMESNIFF]); so when serializing Protobuf content to JSON, users MUST use the application/protobuf+json MIME type. Further, charset can prevent certain encoding confusion attacks so users should specify it for all JSON encodings. In the [Any] type there is technically a link, which was intended to be dereferenced to obtain schemas for a given type; however this is not supported by widely used Protobuf implementations. 5. IANA Considerations This document requests the registration of application/protobuf and application/protobuf+json as media types for Protobuf, and the notation of application/x-protobuf, application/x-protobuffer, and application/x-protobuf+json as deprecated aliases: 5.1. Registration for the "application/protobuf" Media Type Type name: application Subtype name: protobuf Required parameters: none Kucherawy, et al. Expires 27 October 2025 [Page 4] Internet-Draft Media Type Registration for Protocol Buf April 2025 Optional parameters: * encoding, which indicates the type of Protobuf encoding and is "binary" by default for application/protobuf, indicating the [Binary] format. Clients MUST reject JSON encodings without the +json subtype suffix and MUST reject unknown encodings. At the time of writing, no other encoding can be used for application/ protobuf so this parameter is for extensibility. * version, which indicates the version of the encoding specification. Clients MUST reject unknown version settings. At the time of writing, no protobuf encodings are versioned so this parameter is for extensibility. Encoding considerations: binary Security considerations: see Section 4 Interoperability considerations: The Protobuf specification includes versioning provisions to ensure backward compatibility when encountering payloads with unknown properties. Published specification: [Protobuf] Applications that use this media type: Any application with a need to exchange or store structured objects across platforms or implementations. Fragment identifier considerations: None. Additional information: Deprecated alias names for this type: `application/x-protobuf`, `application/x-protobuffer` Magic number(s): File extension(s): Macintosh file type code(s): Person & email address to contact for further information: Protobuf Intended usage: COMMON Restrictions on usage: None Author: Rob Sloan Change controller: Protobuf Kucherawy, et al. Expires 27 October 2025 [Page 5] Internet-Draft Media Type Registration for Protocol Buf April 2025 Provisional registration? (standards tree only): No 5.2. Registration for "application/protobuf+json" Media Type Type name: application Subtype name: protobuf+json Required parameters: charset, which MUST be set to utf-8 (case- insensitive). Optional parameters: * encoding, which indicates the type of Protobuf encoding and is json by default for application/protobuf+json, indicating the [ProtoJSON] format. Clients MUST reject binary encodings with +json and MUST reject unknown encodings. At the time of writing, no other encoding can be used for application/protobuf+json so this parameter is for extensibility. * version, which indicates the version of the encoding specification. Clients MUST reject unknown version settings. At the time of writing, no protobuf encodings are versioned so this parameter is for extensibility. Encoding considerations: Same as encoding considerations of application/json as specified in [RFC7159], Section 11. Security considerations: see Section 4 Interoperability considerations: The Protobuf specification includes versioning provisions to ensure backward compatibility when encountering payloads with unknown properties. Published specification: [Protobuf] Applications that use this media type: Any application with a need to exchange or store structured objects across platforms or implementations. Fragment identifier considerations: None. Additional information: Deprecated alias names for this type: x-protobuf+json Magic number(s): File extension(s): Macintosh file type code(s): Kucherawy, et al. Expires 27 October 2025 [Page 6] Internet-Draft Media Type Registration for Protocol Buf April 2025 Person & email address to contact for further information: Protobuf Intended usage: COMMON Restrictions on usage: None Author: Rob Sloan Change controller: Protobuf Provisional registration? (standards tree only): No 6. Contact Please contact protobuf-team@google.com for requests to adjust this specification. Issues may be raised at https://github.com/protocolbuffers/protobuf. 7. References 7.1. Normative References [Protobuf] "Protocol Buffers", n.d., . [RFC2045] Freed, N. and N. Borenstein, "Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies", RFC 2045, DOI 10.17487/RFC2045, November 1996, . [RFC2046] Freed, N. and N. Borenstein, "Multipurpose Internet Mail Extensions (MIME) Part Two: Media Types", RFC 2046, DOI 10.17487/RFC2046, November 1996, . [RFC2077] Nelson, S., Parks, C., and Mitra, "The Model Primary Content Type for Multipurpose Internet Mail Extensions", RFC 2077, DOI 10.17487/RFC2077, January 1997, . [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . Kucherawy, et al. Expires 27 October 2025 [Page 7] Internet-Draft Media Type Registration for Protocol Buf April 2025 [RFC4289] Freed, N. and J. Klensin, "Multipurpose Internet Mail Extensions (MIME) Part Four: Registration Procedures", BCP 13, RFC 4289, DOI 10.17487/RFC4289, December 2005, . [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data Encodings", RFC 4648, DOI 10.17487/RFC4648, October 2006, . [RFC6657] Melnikov, A. and J. Reschke, "Update to MIME regarding "charset" Parameter Handling in Textual Media Types", RFC 6657, DOI 10.17487/RFC6657, July 2012, . [RFC6838] Freed, N., Klensin, J., and T. Hansen, "Media Type Specifications and Registration Procedures", BCP 13, RFC 6838, DOI 10.17487/RFC6838, January 2013, . [RFC6839] Hansen, T. and A. Melnikov, "Additional Media Type Structured Syntax Suffixes", RFC 6839, DOI 10.17487/RFC6839, January 2013, . [RFC7159] Bray, T., Ed., "The JavaScript Object Notation (JSON) Data Interchange Format", RFC 7159, DOI 10.17487/RFC7159, March 2014, . [RFC7303] Thompson, H. and C. Lilley, "XML Media Types", RFC 7303, DOI 10.17487/RFC7303, July 2014, . [RFC8081] Lilley, C., "The "font" Top-Level Media Type", RFC 8081, DOI 10.17487/RFC8081, February 2017, . [RFC9694] Dürst, M.J., "Guidelines for the Definition of New Top- Level Media Types", BCP 13, RFC 9694, DOI 10.17487/RFC9694, March 2025, . [RFC9695] Muthusamy, Y. K. and C. Ullrich, "The 'haptics' Top-Level Media Type", RFC 9695, DOI 10.17487/RFC9695, March 2025, . 7.2. Informative References Kucherawy, et al. Expires 27 October 2025 [Page 8] Internet-Draft Media Type Registration for Protocol Buf April 2025 [Any] Protobuf, "any.proto Schema Definition", n.d., . [Binary] Protobuf, "Protobuf Binary Wire Encoding Spec", n.d., . [CORB] Chromium, "Cross-Origin Read Blocking for Web Developers", n.d., . [Edition2023] Protobuf, "Proto Edition 2023 Schema Language Specification", n.d., . [MIMESNIFF] WHATWG, "MIME Sniffing: Living Standard", n.d., . [Proto2] Protobuf, "Proto2 Schema Language Specification", n.d., . [Proto3] Protobuf, "Proto3 Schema Language Specification", n.d., . [ProtoJSON] Protobuf, "Protobuf JSON Wire Encoding Spec", n.d., . [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, . Acknowledgments Orie Steele provided valuable feedback to this work. Authors' Addresses Murray S. Kucherawy (editor) Email: superuser@gmail.com Warren Kumari Google Email: warren@kumari.net Kucherawy, et al. Expires 27 October 2025 [Page 9] Internet-Draft Media Type Registration for Protocol Buf April 2025 Rob Sloan Google Email: rmsj@google.com Kucherawy, et al. Expires 27 October 2025 [Page 10]