W3C home > Mailing lists > Public > www-tag@w3.org > December 2009

Re: Sniffing and HTTP-bis (ACTION-309)

From: Jonathan Rees <jar@creativecommons.org>
Date: Wed, 2 Dec 2009 10:10:23 -0500
Message-ID: <760bcb2a0912020710x4124d186jf8c0756ef563027f@mail.gmail.com>
To: David Booth <david@dbooth.org>
Cc: "Henry S. Thompson" <ht@inf.ed.ac.uk>, www-tag@w3.org
I think I'm with you, David, but concrete examples would help...
something like the following maybe? (at
http://mumble.net/~jar/message, haven't tried it with IE)

<html not="true">
<!-- The following is completely ludicrous, and I never would have
said it: -->
Jonathan's house is painted an ugly color.

If interpreted as having media type text/plain, it means one thing,
while if interpreted as text/html, it means the opposite.

This could be countered by saying that miscommunications like this
*are* security issues (consider the dubious case where the html
comment contains private information, and the document was interpreted
as plain when html was wanted); but it could also be countered by
saying that it's too artificial to be convincing.

Jonathan

On Wed, Dec 2, 2009 at 8:06 AM, David Booth <david@dbooth.org> wrote:
> A question:
>
> On Wed, 2009-12-02 at 12:23 +0000, Henry S. Thompson wrote:
> [ . . . ]
>> I took an action [3] to review the situation, and suggest further action
>> if necessary.
>>
>> I think we should in fact request the HTTPbis editors to reopen their
>> Ticket #155 [4] with a suggestion that something along the following
>> lines be added after the above-quoted paragraph in section 3.2.1:
>>
>>   If the Content-Type header field _is_ present, recipients SHOULD NOT
>>   examine the content and override the specified type if the change
>>   would significantly alter the security exposure ('privilege
>>   escalation').
>
> Why only "if the change would significantly alter the security
> exposure . . . "?  Why not also for other cases, where the user is just
> trying to get what the server is trying to send?
>
> David Booth
>
>>
>> This change is compatible with _Content-Type Processing Model_, a
>> draft "responsible sniffing" Internet-Draft [5].
>>
>> ht
>>
>> [1] http://www.w3.org/2001/tag/2009/09/24-minutes#item03
>> [2] http://trac.tools.ietf.org/wg/httpbis/trac/export/663/draft-ietf-httpbis/latest/p3-payload.html#rfc.section.3.2.1
>> [3] http://www.w3.org/2001/tag/group/track/actions/309
>> [4] http://trac.tools.ietf.org/wg/httpbis/trac/ticket/155
>> [5] http://ietfreport.isoc.org/idref/draft-abarth-mime-sniff/
>> - --
>>        Henry S. Thompson, School of Informatics, University of Edinburgh
>>                          Half-time member of W3C Team
>>       10 Crichton Street, Edinburgh EH8 9AB, SCOTLAND -- (44) 131 650-4440
>>                 Fax: (44) 131 651-1426, e-mail: ht@inf.ed.ac.uk
>>                        URL: http://www.ltg.ed.ac.uk/~ht/
>> [mail really from me _always_ has this .sig -- mail without it is forged spam]
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.2.6 (GNU/Linux)
>>
>> iD8DBQFLFlxfkjnJixAXWBoRAqEiAJ96ixasPHacaeuNm3WzKkfsjaH9DACfQQ1a
>> sPg4wAPVxDp0jlqSkqwpeaQ=
>> =theI
>> -----END PGP SIGNATURE-----
>>
>>
>>
> --
> David Booth, Ph.D.
> Cleveland Clinic (contractor)
>
> Opinions expressed herein are those of the author and do not necessarily
> reflect those of Cleveland Clinic.
>
>
>
Received on Wednesday, 2 December 2009 15:11:05 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 26 April 2012 12:48:18 GMT