W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2008

Re: security impact of dropping charset default

From: David Morris <dwm@xpasc.com>
Date: Wed, 23 Jan 2008 09:08:26 -0800 (PST)
cc: <ietf-http-wg@w3.org>
Message-ID: <Pine.LNX.4.33.0801230906100.17276-100000@egate.xpasc.com>



On Wed, 23 Jan 2008, Julian Reschke wrote:

> Anne van Kesteren wrote:
> > What does deprecate mean? If support for UTF-7 can't be removed than
> > deprecating it will hardly matter. (I'm not sure whether support can or
> > can not be removed, but I'd expect there to be content to rely on it.)
> > Roy's suggestion of not sniffing for it seems like better advice to
> > implementors than a notion of it being deprecated.
>
> Understood and agreed -- but where does that advice belong into? HTML5
> or HTTPbis? I would have thought the former...

It seems to me that if there is a known security exposure for applications
built on HTTP, then the httpbis document should at the minimum note the
issue and provide a reference to the details. Seems like appropriate
content for the security section.

Dave Morris
Received on Wednesday, 23 January 2008 17:08:56 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:50:36 GMT