W3C home > Mailing lists > Public > www-tag@w3.org > October 2010

RE: mime-web-info 6.1 feedback

From: Larry Masinter <masinter@adobe.com>
Date: Sat, 30 Oct 2010 12:17:47 -0700
To: Noah Mendelsohn <nrm@arcanedomain.com>
CC: "eric@bisonsystems.net" <eric@bisonsystems.net>, "www-tag@w3.org" <www-tag@w3.org>, Adam Barth <ietf@adambarth.com>
Message-ID: <C68CB012D9182D408CED7B884F441D4D0476C14EF2@nambxv01a.corp.adobe.com>
I could imagine doing a "live editing" session if people had
markups to

http://tools.ietf.org/id/draft-masinter-mime-web-info-01.html

but it isn't the normal sort of thing we do....

If you want to see the changes,

http://tools.ietf.org/rfcdiff?url2=draft-masinter-mime-web-info-01.txt

will show you what changed.

Larry
--
http://larry.masinter.net


-----Original Message-----
From: Noah Mendelsohn [mailto:nrm@arcanedomain.com] 
Sent: Wednesday, October 27, 2010 7:44 AM
To: Larry Masinter
Cc: eric@bisonsystems.net; www-tag@w3.org; Adam Barth
Subject: Re: mime-web-info 6.1 feedback

Larry,

I haven't had time to read this revision yet.  Do you feel there's enough 
new that we should spend some time with TAG members at TPAC Monday morning 
to work through the changes?  Since we just did a lot of work in Mountain 
View, the agenda for Monday at TPAC is more open than usual.  Thank you.

Noah

On 10/26/2010 2:44 AM, Larry Masinter wrote:
> Up against the deadline for submitting new versions, I posted
>
> http://tools.ietf.org/html/draft-masinter-mime-web-info-01
>
> without carefully addressing your comment on the "applications that use
> this type" in what had been section 6.1 (in fact, the text in -01 is
> unfortunately incoherent.)
>
> I was thinking about this, and wonder if the issue is really around the
> security considerations for sniffing and privilege escalation...
>
> Content that allows hyperlinks to embedded content
>
> -- which is (or is not) commonly automatically retrieved to display
>
> E.g., html with embedded IMG tags
>
> Content that contains scripting:
>
> where script content can access the internet
>
> -- with or without sandboxing
>
> where script content can access the "local file system"
>
> Content that is not intended to be scriptable
>
> Buggy software can turn a JPEG into scriptable content which accesses the
> local file system, but it's "buggy"?
>
> Turning text/plain into malicious content might involve attacks on the UTF8
> decoders?
>
> Note that some fonts are scriptable....
>
> Larry
>
> --
>
> http://larry.masinter.net
>
Received on Saturday, 30 October 2010 19:18:17 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 26 April 2012 12:48:28 GMT