security
Click on the red underlined text to get to the source
... active"
(computational) material. (The latter, in particular, can pose
security problems that must be understood by implementors, and are
considered in detail in the discussion ...
... Security Requirements ...
...
An analysis of security issues MUST be done for all types registered
in the standards Tree. A similar analysis for media types ...
... vendor or personal trees is encouraged but not required.
However, regardless of what security analysis has or has not been
done, all descriptions of security issues MUST be as accurate as
...
... However, regardless of what security analysis has or has not been
done, all descriptions of security issues MUST be as accurate as
possible regardless of registration tree. In particular, a statement
...
... possible regardless of registration tree. In particular, a statement
that there are "no security issues associated with this type" MUST
NOT be confused with "the security issues associates ...
... security issues associated with this type" MUST
NOT be confused with "the security issues associates with this type
have not been assessed".
...
... tree be secure or completely free from risks. Nevertheless, all
known security risks MUST be identified in the registration of a
media type ...
... in Section 6 below.
Some of the issues that should be looked at in a security analysis of
a media type are:
...
... o A media type might be targeted for applications that require some
sort of security assurance but not provide the necessary security
mechanisms themselves. For example, a media type could be defined
...
... media type might be targeted for applications that require some
sort of security assurance but not provide the necessary security
mechanisms themselves. For example, a media type could be defined
for storage of confidential medical information that in turn
...
... versions and external profiling
information, and a review of any interoperability or security
considerations. The submitter may submit a revised registration or
abandon the registration ...
...
o All media types MUST have a reasonable security considerations
section. (It is neither possible nor necessary for the IANA to
...
... section. (It is neither possible nor necessary for the IANA to
conduct a comprehensive security review of media type
registrations. Nevertheless, the IANA has the authority ...
... Security Considerations ...
...
Security requirements for media type registrations are discussed in
Section 4.6.
...
...
o The rules and requirements for constructing security
considerations sections have been extended and clarified.
o RFC 3023prop ...