
Re: Sniffing and HTTP-bis (ACTION-309)

From: Julian Reschke <julian.reschke@gmx.de>
Date: Wed, 02 Dec 2009 19:25:17 +0100
Message-ID: <4B16B10D.4070303@gmx.de>
To: David Booth <david@dbooth.org>
CC: Jonathan Rees <jar@creativecommons.org>, "Henry S. Thompson" <ht@inf.ed.ac.uk>, www-tag@w3.org

David Booth wrote:
> ...
> But my question was innocent.  I wasn't sure whether
> non-security-related cases had already been ruled out for some reason.
> If there isn't a particular reason to exclude them, I would suggest
> adding the word "especially" to the proposed update:
> 
>   If the Content-Type header field _is_ present, recipients SHOULD NOT
>   examine the content and override the specified type, *especially* if the 
>   change would significantly alter the security exposure ('privilege
>   escalation').
> ...

I personally think that SHOULD NOT is good advice. However, that has 
failed in practice. UAs *do* sniff.

If you're serious about this, how about getting this into HTML5?

Best regards, Julian
Received on Wednesday, 2 December 2009 18:25:57 GMT
