RE: Microsoft's "I mean it" content-type parameter

>> There are
>> situations where it doesn't. The only way to resolve it is to have a flag
>> that triggers a "no sniffing mode"; to do it the other way around (with a
>> flag that *turns on* sniffing mode) would contradict existing behavior and
>> therefore Break The Web.

> Nonsense.  HTTP/1.1 defined the mechanism to do just this.  The fact that
> vendors ignored this, suffered the consequences on vuln-dev and bugtraq,
> and will continue to do so until they follow the protocol reiterates that
> sniffing has a place, and within a well defined protocol this isn't it.

It is quite clear that you are ignoring the point here. The point is *not* what the spec says. As you point out, there is a serious disconnect between reality and the spec. What you are essentially saying is, "if everyone just followed the spec, everything would be fine." Which is true. But it is also not what happened. Which is the point.

Getting the current HTML spec to handle the current reality in a way that not only leaves existing applications un-broken (regardless of their usage of a non-standard behavior) while also providing an option for avoiding the non-standard behavior is the challenge here. I am curious what you think would be a good approach to resolving this situation as it currently stands. And just re-writing the browsers to stop content sniffing is not a realistic answer, nor one that meets the goals set forth.

J.Ja

Received on Friday, 4 July 2008 04:20:42 UTC