- From: Adam Barth <w3c@adambarth.com>
- Date: Mon, 6 Apr 2009 13:59:10 -0700
- To: Lisa Dusseault <lisa.dusseault@messagingarchitects.com>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
On Mon, Apr 6, 2009 at 1:07 PM, Lisa Dusseault <lisa.dusseault@messagingarchitects.com> wrote: > That makes more sense now. It might be nice to specifically mention that > the threat model assumes that the server can lie about Content-Type anyway, > and in the security considerations warn that a server might trick clients > into handling one content type as another if the client isn't careful. Will do. > I now think we mean something completely different by "extension". I had > assumed "protocol extension", i.e. a specification that extends HTTP, but > now I see you mean "file name extension". I'll clarify this. Adam
Received on Monday, 6 April 2009 21:00:06 UTC