W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2009

Re: Questions about draft-abarth-mime-sniff-00

From: Adam Barth <w3c@adambarth.com>
Date: Sat, 30 May 2009 15:56:22 -0700
Message-ID: <7789133a0905301556g58295daekb25ddfaab96cafc9@mail.gmail.com>
To: Lisa Dusseault <lisa.dusseault@messagingarchitects.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
On Mon, Apr 6, 2009 at 1:07 PM, Lisa Dusseault
<lisa.dusseault@messagingarchitects.com> wrote:
> That makes more sense now.  It might be nice to specifically mention that
> the threat model assumes that the server can lie about Content-Type anyway,
> and in the security considerations warn that a server might trick clients
> into handling one content type as another if the client isn't careful.

Thanks.  I've added this note to the draft.  Let me know if you'd like
more exposition here.

Adam
Received on Saturday, 30 May 2009 22:57:13 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:03 GMT