- From: Henrik Nordstrom <henrik@henriknordstrom.net>
- Date: Mon, 07 Jul 2008 15:19:38 +0200
- To: Julian Reschke <julian.reschke@gmx.de>
- Cc: Ian Hickson <ian@hixie.ch>, Sam Ruby <rubys@us.ibm.com>, HTTP Working Group <ietf-http-wg@w3.org>, "public-html@w3.org" <public-html@w3.org>
- Message-Id: <1215436778.20418.79.camel@henriknordstrom.net>
[sorry for the missing red thread in this message, please read it in full before responding] On mån, 2008-07-07 at 09:33 +0200, Julian Reschke wrote: > The IETF HTTPbis working group has no mandate to do so. Thus it would > need to be rechartered, or a new WG would have to start. And from a protool specification and common sense point of view it would be the wrong thing to officially allow sniffing even when the content-type is clearly specified. HTTP already specifies when sniffing is allowed or not. Major browser vendors have over time and by intent choosen to ignore this part of the specifications, and now their ignorance is coming back and biting them and their users. Does this mean that specifications should change to allow for these bugs to grow into a standard feature encouraging ignorance? It also seems that some noticeable players have lost faith, thinking that things won't improve over time and things will stay as bad or worse over time. An attitude I find a bit disturbing when working with specifications as it means nothing can be changed or fixed other than documenting how broken the current implementations is today, ending in the rationale that "UTF7 content sniffing is implemented by some, so it must be supported by everyone even if completely stupid and current specifications we all agreed to implement years ago says you MUST NOT". Yee, it do take some years of effort before any result in these areas at all is seen, but it's certainly not impossible. I have been fighting some of these wars, and some hours per year over some years nagging the right people about something which bothers you can make a difference. Yes, in the end there will be some old minor sites no longer working well with newer browsers if sniffing is deprecated. But there will also be existing major sites working better, being able to use content types as intended instead of having to find ways around the browsers guessing game. HTTP intentionally does not specify how sniffing is to be implemented or evaluated. That's a client implementation detail as far as HTTP is concerned, and extra feature to be used when nothing else is known about the content. > > How is that possible? > > Using Microsoft's proposal or by using a separate header, for instance. If it wasn't for the Apache answer that if such extension gets commonly available then it will be set by default by Apache, and things would go back to square -1 by the reasoning applied earlier, with even more bits on the wire that nobody want's to trust because server admins is by definition not trustworthy to be willing to make their servers conform with requirements or in general completely ignorant if their content breaks for large parts of their user base because of this. My concern about the proposal or added header is the reverse. Yes, it will enable servers to tell next generation of clients to trust them, but on the downside it will give more slack to the proponents which thinks sniffing is the solution to how to deal with mislabelled content. It's not a real solution to the problem, in fact it encourages that bug to grow even bigger, just adding a workaround to be able to ask that bug to go and hide for a while. > Well, the biggest vendor just put a proposal on the table that would > make it possible to disable sniffing altogether. > > Maybe it would make sense to consider it seriously, instead of > immediately stating "won't work"? It will work, at least temporarily until there is again sufficient amount of mislabelled content. The only real long term solution I see to this problem is for major browser vendors to gradually stop sniffing content even without this extension. Add "serer trust" levels similar to how cookies black/whitelisting is managed, enabling the browsers to learn (by user experience) which sites label their content proerly and which don't. A good start on this track is to add a visible indication when mislabelled content is detected, enabling users to see when there is something wrong without "destroying the web". Regards Henrik
Received on Monday, 7 July 2008 13:21:38 UTC