On Mon, Apr 6, 2009 at 1:07 PM, Lisa Dusseault <lisa.dusseault@messagingarchitects.com> wrote: > That makes more sense now. It might be nice to specifically mention that > the threat model assumes that the server can lie about Content-Type anyway, > and in the security considerations warn that a server might trick clients > into handling one content type as another if the client isn't careful. Will do. > I now think we mean something completely different by "extension". I had > assumed "protocol extension", i.e. a specification that extends HTTP, but > now I see you mean "file name extension". I'll clarify this. AdamReceived on Monday, 6 April 2009 21:00:06 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:38:37 GMT