Re: TAG requests addition to section 3.2.1 of Part 3 [#155]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Further to the TAG's suggestion in [1] regarding 'sniffing', and
replies from Yves Lafon [2] and Mark Nottingham [3], the TAG has asked
me to convey our thanks for your willingness to reopen this issue.
With some minor adjustments, we are happy that the text proposed at [2]
addresses most of our concerns.

We suggest the following two minor changes:

  does not correctly identify the content sent

 -->

  does not reflect the intended interpretation of the content sent

 and

  Such recipients SHOULD NOT

 -->

  Recipients SHOULD NOT

We would however prefer that something about this issue also remain in
section 3.1.2.  Perhaps keep

  If the Content-Type header field is present, a recipient which
  interprets the underlying data in a way inconsistent with the
  specified media type risks drawing incorrect conclusions.

in 3.1.2, adding something along the lines of "See [7.3] for a related
security issue.", but we are happy to leave this to your editorial
discretion.

We are less happy with the proposed addition suggested by Mark in [3],
on the grounds that it a) implies that documents have media types in
some intrinsic way, which we think is at best misleading, and that b)
the straw men it sets up will in fact be counterproductive.

ht, on behalf of the TAG

[1] http://lists.w3.org/Archives/Public/public-html/2010Mar/0493.html
[2] http://lists.w3.org/Archives/Public/public-html/2010Mar/0659.html
[3] http://lists.w3.org/Archives/Public/public-html/2010May/0330.html
[This message pertains to TAG ACTION-370]
- -- 
       Henry S. Thompson, School of Informatics, University of Edinburgh
      10 Crichton Street, Edinburgh EH8 9AB, SCOTLAND -- (44) 131 650-4440
                Fax: (44) 131 651-1426, e-mail: ht@inf.ed.ac.uk
                       URL: http://www.ltg.ed.ac.uk/~ht/
 [mail from me _always_ has a .sig like this -- mail without it is forged spam]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFMD414kjnJixAXWBoRAr4EAJ9W4zFN1SywFjfMG8QQtXAiPPmaIwCfbAw2
rZ/VkbMn24RAI2S6OoMUDWU=
=dhkn
-----END PGP SIGNATURE-----

Received on Wednesday, 9 June 2010 12:48:27 UTC