Introducing SDF, the Safe Document Format

After quite some time of being quiet, I finally have something interesting to pass along to all of you: the Safe Document Format, or SDF for short. It’s designed explicitly to be used in situations where people give more than just a wink and a nod to cybersecurity. I don’t expect it to take the world by storm, but I do want to give developers options and it fills some needs that I have for Mensago.

I am often amazed by the variety of contexts where documents in Word or PDF format are found. My day job is as a sysadmin for a small IT services shop, and I’m surprised by how often people edit PDFs despite their being, well, really hard to edit. Then again, PDF in general is pretty terrible if you care about cybersecurity. I won’t go into heavy detail, but you know there’s a problem when you can specially craft a PDF document that is also a JPEG photo. Even if you know only a little about computers, this should strike you as strange. Programmers react to this with “LOL”, “That unholy thing SHOULD NOT BE”, or something in between. Documents made in Microsoft Word or other Office programs are little better. Both have the ability to embed programming logic, which means that hackers can send you a specially-crafted PDF or PowerPoint file and break into your computer. Just lovely.

Lord of the Rings meme: "One does not simply edit PDFs."

Learning from the Web

Prompted by recognizing a need for good-looking messages for the Mensago platform, I began researching what a replacement should look like. It needed to be easy to write by hand, much like the early days of HTML. If my friends who lived in command line text editors like vim, nano, and emacs were going to use them for everything they could, why not be able to compose nice-looking e-mails at lightning speed, too? The new format had to be flexible and expressive enough that my Internet provider and the electric company could send me a bill that looked good enough to make me hate paying it a little less. Most importantly, computers needed to be able to process the format easily and be reasonably certain that the resulting information was correct. This last point is one of the reasons JSON is so popular: it’s easy to parse and easy to validate.

Features and Features to Come

I’ve had to make a side quest from finishing Mensago Connect to work on this, so I’m intentionally not implementing everything that SDF will eventually have, but there’s a lot to get excited about as a content developer.

First, SDF documents use a custom-designed plaintext markup language, internally called Safe Formatted Text Markup (SFTM), which is inspired by BBCode. Web developers will appreciate that it uses a subset of CSS for custom styling. Because privacy is important, all documents are completely self-contained, so no Internet access is required and your online location can’t be leaked. Optional digital signatures and encryption are part of the design, and it dovetails naturally with Mensago’s identity infrastructure without requiring it. Compared with HTML, SDF is also strict: each opening tag indicator has a corresponding closing one, for example. In short, SDF is like a stricter, self-contained HTML without all the boneheaded decisions and legacy kept around for backward compatibility.
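To make the strictness point concrete, here is an added sketch in Rust (not taken from the SDF specification or its libraries) of a validator that rejects a document outright instead of repairing it the way a lenient HTML parser would. The square-bracket BBCode-style syntax and the tag names in `ALLOWED` are assumptions for illustration, not SFTM's actual grammar.

```rust
// Added illustration: BBCode-style tags such as [b]...[/b] are an assumption,
// not SFTM's actual grammar. The tag names in ALLOWED are hypothetical.
const ALLOWED: [&str; 4] = ["b", "i", "quote", "list"];

#[derive(Debug, PartialEq)]
enum StrictError {
    UnknownTag(String),
    Mismatched { expected: String, found: String },
    UnexpectedClose(String),
    Unclosed(String),
    UnterminatedTag,
}

/// Accept the document only if every opening tag is allowlisted and is
/// closed in strict nesting order. Nothing is repaired or guessed.
fn validate(doc: &str) -> Result<(), StrictError> {
    let mut stack: Vec<&str> = Vec::new();
    let mut rest = doc;
    while let Some(open) = rest.find('[') {
        let after = &rest[open + 1..];
        let close = after.find(']').ok_or(StrictError::UnterminatedTag)?;
        let tag = &after[..close];
        rest = &after[close + 1..];
        if let Some(name) = tag.strip_prefix('/') {
            match stack.pop() {
                None => return Err(StrictError::UnexpectedClose(name.to_string())),
                Some(top) if top != name => {
                    return Err(StrictError::Mismatched {
                        expected: top.to_string(),
                        found: name.to_string(),
                    });
                }
                Some(_) => {}
            }
        } else if !ALLOWED.iter().any(|t| *t == tag) {
            return Err(StrictError::UnknownTag(tag.to_string()));
        } else {
            stack.push(tag);
        }
    }
    match stack.pop() {
        Some(tag) => Err(StrictError::Unclosed(tag.to_string())),
        None => Ok(()),
    }
}

fn main() {
    // Constructed sample: tags closed in the wrong order are rejected.
    println!("{:?}", validate("[b]bold [i]both[/b][/i]"));
}
```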

SDF will also be great because of what it doesn’t have. It doesn’t have JavaScript, WASM, or any other support for scripting, for that matter. Executable code of any kind, in fact, is strictly forbidden, so you can have at least a bit of peace of mind. Font embedding is also prohibited because hackers use those, too. At the same time, if a programmer wants to build into their software the ability to detect, download, and use fonts on the fly, any negative consequences that arise are on their head for doing it. There will be no vendor lock-in; this is an open standard and all libraries I’m developing are open source. I’m also not using C; I’ve had more than my fill of buffer overflows and use-after-free errors, thank you.

Going Further

Like Mensago, SDF is a one-person project done in my very limited free time right now, so it doesn’t move nearly as quickly as I’d like. If you know how to program in Rust or Kotlin and would like to help out, please drop me a line or, if you would like to help financially, I have Patreon and Liberapay, too. Sometime soon I’ll be writing a more technical deep-dive into SDF, but if you’d like to learn more before then, you can read the specification.