- From: Jonathan Rees <jar@creativecommons.org>
- Date: Wed, 2 Dec 2009 10:10:23 -0500
- To: David Booth <david@dbooth.org>
- Cc: "Henry S. Thompson" <ht@inf.ed.ac.uk>, www-tag@w3.org
I think I'm with you, David, but concrete examples would help...
something like the following maybe? (at
http://mumble.net/~jar/message, haven't tried it with IE)
<html not="true">
<!-- The following is completely ludicrous, and I never would have
said it: -->
Jonathan's house is painted an ugly color.
If interpreted as having media type text/plain, it means one thing,
while if interpreted as text/html, it means the opposite.
This could be countered by saying that miscommunications like this
*are* security issues (consider the dubious case where the html
comment contains private information, and the document was interpreted
as plain when html was wanted); but it could also be countered by
saying that it's too artificial to be convincing.
Jonathan
On Wed, Dec 2, 2009 at 8:06 AM, David Booth <david@dbooth.org> wrote:
> A question:
>
> On Wed, 2009-12-02 at 12:23 +0000, Henry S. Thompson wrote:
> [ . . . ]
>> I took an action [3] to review the situation, and suggest further action
>> if necessary.
>>
>> I think we should in fact request the HTTPbis editors to reopen their
>> Ticket #155 [4] with a suggestion that something along the following
>> lines be added after the above-quoted paragraph in section 3.2.1:
>>
>> If the Content-Type header field _is_ present, recipients SHOULD NOT
>> examine the content and override the specified type if the change
>> would significantly alter the security exposure ('privilege
>> escalation').
>
> Why only "if the change would significantly alter the security
> exposure . . . "? Why not also for other cases, where the user is just
> trying to get what the server is trying to send?
>
> David Booth
>
>>
>> This change is compatible with _Content-Type Processing Model_, a
>> draft "responsible sniffing" Internet-Draft [5].
>>
>> ht
>>
>> [1] http://www.w3.org/2001/tag/2009/09/24-minutes#item03
>> [2] http://trac.tools.ietf.org/wg/httpbis/trac/export/663/draft-ietf-httpbis/latest/p3-payload.html#rfc.section.3.2.1
>> [3] http://www.w3.org/2001/tag/group/track/actions/309
>> [4] http://trac.tools.ietf.org/wg/httpbis/trac/ticket/155
>> [5] http://ietfreport.isoc.org/idref/draft-abarth-mime-sniff/
>> - --
>> Henry S. Thompson, School of Informatics, University of Edinburgh
>> Half-time member of W3C Team
>> 10 Crichton Street, Edinburgh EH8 9AB, SCOTLAND -- (44) 131 650-4440
>> Fax: (44) 131 651-1426, e-mail: ht@inf.ed.ac.uk
>> URL: http://www.ltg.ed.ac.uk/~ht/
>> [mail really from me _always_ has this .sig -- mail without it is forged spam]
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.2.6 (GNU/Linux)
>>
>> iD8DBQFLFlxfkjnJixAXWBoRAqEiAJ96ixasPHacaeuNm3WzKkfsjaH9DACfQQ1a
>> sPg4wAPVxDp0jlqSkqwpeaQ=
>> =theI
>> -----END PGP SIGNATURE-----
>>
>>
>>
> --
> David Booth, Ph.D.
> Cleveland Clinic (contractor)
>
> Opinions expressed herein are those of the author and do not necessarily
> reflect those of Cleveland Clinic.
>
>
>
Received on Wednesday, 2 December 2009 15:11:05 UTC