Registrations which use this '+xml' convention MUST also make reference to [RFC7303], specifically Section 5, in specifying fragment identifier syntax and semantics, and they MAY restrict the syntax to a specified subset of schemes, except that they MUST NOT disallow barenames or 'element' scheme pointers. They MAY further require support for other registered schemes. They also MAY add additional syntax (which MUST NOT overlap with [XPointerFramework] syntax) together with associated semantics, and MAY add additional semantics for barename XPointers which, as provided for in Section 5, will only apply when [RFC7303] does not define an interpretation.

In practice these constraints imply that for a fragment identifier addressed to an instance of a specific "xxx/yyy+xml" type, there are three cases:

For fragment identifiers matching the syntax defined in [XPointerFramework], where the fragment identifier resolves per the rules specified there, then process as specified there;

For fragment identifiers matching the syntax defined in [XPointerFramework], where the fragment identifier does _not_ resolve per the rules specified there, then process as specified in "xxx/yyy+xml";

For fragment identifiers _not_ matching the syntax defined in [XPointerFramework], then process as specified in "xxx/ yyy+xml". A fragment identifier of the form "xywh=160,120,320,240", as defined in [MediaFrags], which might be used in a URI for an XML-encoded image, would fall in this category.

The syntax and semantics of fragment identifiers specified for +json SHOULD be as specified for "application/json". (At publication of [RFC6839], there is no fragment identification syntax defined for "application/json".)

The syntax and semantics for fragment identifiers for a specific "xxx/yyy+json" SHOULD be processed as follows:

For cases defined in +json, where the fragment identifier resolves per the +json rules, then as specified in +json.

For cases defined in +json, where the fragment identifier does not resolve per the +json rules, then as specified in "xxx/ yyy+json".

For cases not defined in +json, then as specified in "xxx/yyy+json".

At publication of [RFC6839], there is no fragment identification syntax defined for +ber.

The syntax and semantics for fragment identifiers for a specific "xxx/yyy+ber" SHOULD be processed as follows:

For cases defined in +ber, where the fragment identifier resolves per the +ber rules, then as specified in +ber.

For cases defined in +ber, where the fragment identifier does not resolve per the +ber rules, then as specified in "xxx/ yyy+ber".

For cases not defined in +ber, then as specified in "xxx/yyy+ber".

Each individual media type registered with a +ber suffix can have additional security considerations.

BER has a type-length-value structure, and it is easy to construct malicious content with invalid length fields that can cause buffer overrun conditions.

BER allows for arbitrary levels of nesting, which may make it possible to construct malicious content that will cause a stack overflow.

Interpreters of the BER structures should be aware of these issues and should take appropriate measures to guard against buffer overflows and stack overruns in particular and malicious content in general.

The syntax and semantics of fragment identifiers specified for +cbor SHOULD be as specified for "application/cbor". (At publication of [RFC8949], there is no fragment identification syntax defined for "application/ cbor".)

The syntax and semantics for fragment identifiers for a specific "xxx/yyy+cbor" SHOULD be processed as follows:

* For cases defined in +cbor, where the fragment identifier resolves per the +cbor rules, then process as specified in +cbor.

* For cases defined in +cbor, where the fragment identifier does not resolve per the +cbor rules, then process as specified in "xxx/yyy+cbor".

* For cases not defined in +cbor, then process as specified in "xxx/yyy+cbor".

At publication of [RFC6839], there is no fragment identification syntax defined for +der.

The syntax and semantics for fragment identifiers for a specific "xxx/yyy+der" SHOULD be processed as follows:

For cases defined in +der, where the fragment identifier resolves per the +der rules, then as specified in +der.

For cases defined in +der, where the fragment identifier does not resolve per the +der rules, then as specified in "xxx/ yyy+der".

For cases not defined in +der, then as specified in "xxx/yyy+der".

Each individual media type registered with a +der suffix can have additional security considerations.

DER has a type-length-value structure, and it is easy to construct malicious content with invalid length fields that can cause buffer overrun conditions.

DER allows for arbitrary levels of nesting, which may make it possible to construct malicious content that will cause a stack overflow.

Interpreters of the DER structures should be aware of these issues and should take appropriate measures to guard against buffer overflows and stack overruns in particular and malicious content in general.

The syntax and semantics of fragment identifiers specified for +fastinfoset SHOULD be as specified for "application/fastinfoset". (At publication of [RFC6839], there is no fragment identification syntax defined for "application/fastinfoset".)

The syntax and semantics for fragment identifiers for a specific "xxx/ yyy+fastinfoset" SHOULD be processed as follows:

For cases defined in +fastinfoset, where the fragment identifier resolves per the +fastinfoset rules, then as specified in +fastinfoset.

For cases defined in +fastinfoset, where the fragment identifier does not resolve per the +fastinfoset rules, then as specified in "xxx/yyy+fastinfoset".

For cases not defined in +fastinfoset, then as specified in "xxx/yyy+fastinfoset".

The syntax and semantics of fragment identifiers specified for +wbxml SHOULD be as specified for "application/vnd.wap.wbxml". (At publication of [RFC6839], there is no fragment identification syntax defined for "application/vnd.wap.wbxml".)

The syntax and semantics for fragment identifiers for a specific "xxx/yyy+wbxml" SHOULD be processed as follows:

For cases defined in +wbxml, where the fragment identifier resolves per the +wbxml rules, then as specified in +wbxml.

For cases defined in +wbxml, where the fragment identifier does not resolve per the +wbxml rules, then as specified in "xxx/yyy+wbxml".

For cases not defined in +wbxml, then as specified in "xxx/yyy+wbxml".

The syntax and semantics of fragment identifiers specified for +zip SHOULD be as specified for "application/zip". (At publication of [RFC6839], there is no fragment identification syntax defined for "application/zip".)

The syntax and semantics for fragment identifiers for a specific "xxx/yyy+zip" SHOULD be processed as follows:

For cases defined in +zip, where the fragment identifier resolves per the +zip rules, then as specified in +zip.

For cases defined in +zip, where the fragment identifier does not resolve per the +zip rules, then as specified in "xxx/ yyy+zip".

For cases not defined in +zip, then as specified in "xxx/yyy+zip".

Each individual media type registered with a +tlv suffix can have additional security considerations.

As with any format with internal length fields, it is easy to construct malicious content with invalid length fields that can cause buffer overrun conditions.

TLV allows for arbitrary levels of nesting, which may make it possible to construct malicious content that will cause a stack overflow.

Interpreters of the TLV structures should be aware of these issues and should take appropriate measures to guard against buffer overflows and stack overruns in particular and malicious content in general.

The syntax and semantics of fragment identifiers specified for +json-seq SHOULD be as specified for "application/json-seq". (At publication of [RFC8091], there is no fragment identification syntax defined for "application/json-seq".)

The syntax and semantics for fragment identifiers for a specific "xxx/yyy+json-seq" SHOULD be processed as follows:

For cases defined in +json-seq, where the fragment identifier resolves per the +json-seq rules, then process as specified in +json-seq.

For cases defined in +json-seq, where the fragment identifier does not resolve per the +json-seq rules, then process as specified in "xxx/yyy+json-seq".

For cases not defined in +json-seq, then process as specified in "xxx/yyy+json-seq".

Same as for "application/vnd.sqlite3".

To allow identification of files when the media type name is not available, each individual "xxx/yyy+sqlite3" registration should specify an appliction ID value to be set with PRAGMA application_id (http://www.sqlite.org/pragma.html#pragma_application_id), and should specifiy it as a second magic number (file offset 68, see http://www.sqlite.org/fileformat2.html#application_id) in addition to the header string at offset 0. This value should also be added to the magic.txt file in the SQLite repository http://www.sqlite.org/src/artifact?ci=trunk&filename=magic.txt) by submitting a patch to <sqlite-users@mailinglists.sqlite.org>.

The syntax and semantics of fragment identifiers specified for +sqlite3 should be as specified for "application/vnd.sqlite3". (At publication of this document, there is no fragment identification syntax defined for "application/vnd.sqlite3".)

The syntax and semantics of fragment identifiers for a specific "xxx/yyy+sqlite3" should be processed as follows:

For cases defined in +sqlite3, where the fragment identifier resolves per the +sqlite3 rules, then as specified in +sqlite3.

For cases defined in +sqlite3, where the fragment identifier does not resolve per the +sqlite3 rules, then as specified in "xxx/yyy+sqlite3".

For cases not defined in +sqlite3, then as specified in "xxx/yyy+sqlite3".

All the security considerations for "application/vnd.sqlite3" apply to any type based on the sqlite3 format.

Each individual media type registered with a +sqlite3 suffix can have additional security considerations. For example, if a specific registration requires that certain extension functions are available, or that blob fields contain data to be processed by other libraries or external tools, or if only a single implementation exists to handle a specific registered media type, then this increases the known attack surface available to an attacker.

N/A

The syntax and semantics of fragment identifiers specified for +jwt SHOULD be as specified for "application/jwt". (At publication of [RFC8417], there is no fragment identification syntax defined for "application/jwt".)

The syntax and semantics for fragment identifiers for a specific "xxx/yyy+jwt" SHOULD be processed as follows:

For cases defined in +jwt where the fragment identifier resolves per the +jwt rules, process as specified in +jwt.

For cases defined in +jwt where the fragment identifier does not resolve per the +jwt rules, process as specified in "xxx/yyy+jwt".

For cases not defined in +jwt, process as specified in "xxx/ yyy+jwt".

See Section 11 of [RFC7519].

n/a

The syntax and semantics of fragment identifiers specified for +gzip SHOULD be as specified for "application/gzip". (At publication of [RFC8460], there is no fragment identification syntax defined for "application/gzip".) The syntax and semantics for fragment identifiers for a specific "xxx/yyy+gzip" SHOULD be processed as follows:

For cases defined in +gzip, where the fragment identifier resolves per the +gzip rules, process as specified in +gzip.

For cases defined in +gzip, where the fragment identifier does not resolve per the +gzip rules, process as specified in "xxx/yyy+gzip".

For cases not defined in +gzip, process as specified in "xxx/yyy+gzip".

gzip format doesn't provide confidentiality protection. Integrity protection is provided by an Adler-32 checksum, which is not cryptographically strong. See also the security considerations of [RFC6713]. Each individual media type registered with a +gzip suffix can have additional security considerations. Additionally, gzip objects can contain multiple files and associated paths. File paths must be validated when the files are extracted; a malicious file path could otherwise cause the extractor to overwrite application or system files.

n/a

The syntax and semantics of fragment identifiers specified for +cbor-seq SHOULD be as specified for "application/cbor-seq". (At publication of [RFC8742], there is no fragment identification syntax defined for "application/cbor-seq".)

The syntax and semantics for fragment identifiers for a specific "xxx/yyy+cbor-seq" SHOULD be processed as follows:

For cases defined in +cbor-seq, where the fragment identifier resolves per the +cbor-seq rules, then process as specified in +cbor-seq.

For cases defined in +cbor-seq, where the fragment identifier does not resolve per the +cbor-seq rules, then process as specified in "xxx/yyy+cbor-seq".

For cases not defined in +cbor-seq, then process as specified in "xxx/yyy+cbor-seq".

See [RFC8742], Section 5

N/A

The syntax and semantics of fragment identifiers specified for +zstd should be as specified for "application/zstd".

See Section 8 of [RFC8878].

Same as application/yaml

Unlike application/yaml, there is no fragment identification syntax defined for +yaml.

A specific xxx/yyy+yaml media type needs to define the syntax and semantics for fragment identifiers because the ones defined for application/yaml do not apply unless explicitly expressed.

Same as application/yaml

The "application/cose" media type has an optional parameter "cose-type". Any new media type that uses the +cose suffix and allows use of this parameter MUST specify this explicitly, per Section 4.3 of [RFC6838]. If the parameter "cose-type" is allowed, its usage MUST be identical to the usage defined for the "application/cose" media type in Section 2 of [RFC9052].

A COSE processor handling a media type "foo+cose" and which does not know the specific type "foo" SHOULD use the cose-type tag, if present, or cose-type parameter, if present, to determine the specific COSE object type during processing. If the specific type cannot be determined, it MUST assume only the generic COSE object structure and it MUST NOT perform security-critical operations using the COSE object.

N/A

See [RFC9052]