W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2009

Re: Questions about draft-abarth-mime-sniff-00

From: Adam Barth <w3c@adambarth.com>
Date: Mon, 6 Apr 2009 13:59:10 -0700
Message-ID: <7789133a0904061359h4ce838d1we375353ee843830c@mail.gmail.com>
To: Lisa Dusseault <lisa.dusseault@messagingarchitects.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
On Mon, Apr 6, 2009 at 1:07 PM, Lisa Dusseault
<lisa.dusseault@messagingarchitects.com> wrote:
> That makes more sense now.  It might be nice to specifically mention that
> the threat model assumes that the server can lie about Content-Type anyway,
> and in the security considerations warn that a server might trick clients
> into handling one content type as another if the client isn't careful.

Will do.

> I now think we mean something completely different by "extension".  I had
> assumed "protocol extension", i.e. a specification that extends HTTP, but
> now I see you mean "file name extension".

I'll clarify this.

Adam
Received on Monday, 6 April 2009 21:00:06 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:02 GMT