W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2008

Re: security impact of dropping charset default

From: Yves Lafon <ylafon@w3.org>
Date: Thu, 24 Jan 2008 11:30:28 -0500 (EST)
To: Mark Nottingham <mnot@mnot.net>
Cc: Adrien de Croy <adrien@qbik.com>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <Pine.LNX.4.64.0801241115360.29286@ubzre.j3.bet>

On Thu, 24 Jan 2008, Mark Nottingham wrote:

> Are you saying that you're against adding a sentence or two to Security 
> Considerations about this issue? So far, I've seen pretty strong support for 
> doing so from a variety of people.

It would be a nice addition to describe the issue in general, not only for 
HTML content, when UA are into the "content sniffing" business. It fits 
well in the security section of HTTP.

The specific case of HTML needs also to be explained, but has its place in 
a document reserved for browser implementors. I am pretty sure there is 
already one that can be extended that way.

-- 
Baroula que barouleras, au tiéu toujou t'entourneras.

         ~~Yves
Received on Thursday, 24 January 2008 16:30:39 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:50:36 GMT