
Re: TAG requests addition to section 3.2.1 of Part 3 [#155]

From: David Morris <dwm@xpasc.com>
Date: Wed, 24 Mar 2010 17:37:58 -0700 (PDT)
To: "'HTTP Working Group'" <ietf-http-wg@w3.org>
cc: public-html@w3.org, www-tag@w3.org
Message-ID: <Pine.LNX.4.64.1003241734490.24719@egate.xpasc.com>

On Wed, 24 Mar 2010, Yves Lafon wrote:

> 7.3 Media Type Issue
>   If the Content-Type header field is present, a recipient which
>   interprets the underlying data in a way inconsistent with the
>   specified media type risks drawing incorrect conclusions.
>   In practice, however, currently-deployed servers sometimes provide a
>   Content-Type header which does not correctly identify the content
>   sent, with the result that some classes of recipients have adopted a
>   policy of examining the content and overriding the specified type.
>   Deploying any heuristic for detecting mistaken Content-Types risks
>   overriding user intentions and misrepresenting data. It may also
>   significantly increase the security exposure ('privilege escalation');
>   Such recipients SHOULD NOT override the specified type it there are
                                                    wrong ^^^^ word

>   known security risks and they SHOULD provide for users to disable such
>   heuristic Content-Type detection.

Nice artistic avoidance of the sniffword... I have no objection providing
'it' doesn't become something I haven't tried in context.

Dave Morris
Received on Thursday, 25 March 2010 00:38:35 UTC
