W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 2000

RE: webmail vulnerabilities: a new pragma token?

From: Josh Cohen <joshco@Exchange.Microsoft.com>
Date: Thu, 20 Jan 2000 12:54:29 -0800
Message-ID: <BFF90FB6CF66D111BF4F0000F840DB850BCBC013@lassie.dns.microsoft.com>
To: "'Eric D. Williams'" <eric@infobro.com>, "'Larry Masinter'" <masinter@attlabs.att.com>
Cc: "'http-wg@hplb.hpl.hp.com'" <http-wg@hplb.hpl.hp.com>
> -----Original Message-----
> From: Eric D. Williams [mailto:eric@infobro.com]
> Sent: Thursday, January 20, 2000 12:16 PM
> To: 'Larry Masinter'
> Cc: 'http-wg@hplb.hpl.hp.com'
> Subject: RE: webmail vulnerabilities: a new pragma token?
> > Larry said:
> > 
> > At least it would have the right extension behavior, namely
> > that unaware recipients might save the content to disk but would
> > be less likely to open it.
> 
> Eric said:
> 
> I don't know about that; if its not safe to a later 'aware' 
> recipient is 
> probable and good, but older clients would not be able to 
> discriminate.  That 
> could set up an interesting situation where browsers are updated or 
> trust-levels are upgraded; Excellent though.
> 
Maybe Im misreading your words, but I think you missed
part of larry's point.  By using a new MIME type,
older browsers would implicitly discriminate.
Today, a browser that gets an unknown mime time, which this
new one would be, it will prompt the user to save it to disk
instead of showing it.

This would effectively prevent it from being displayed
or executed without user consent.

> Eric
> 
> Eric Williams, Pres.
> Information Brokers, Inc.    Phone: +1 202.889.4395
> http://www.infobro.com/        Fax: +1 202.889.4396
> mailto:eric@infobro.com
>            For More Info: info@infobro.com
> 
Received on Thursday, 20 January 2000 21:15:18 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:35 EDT