Re: Questions about draft-abarth-mime-sniff-00

On Mon, Apr 6, 2009 at 1:07 PM, Lisa Dusseault
<lisa.dusseault@messagingarchitects.com> wrote:
> That makes more sense now.  It might be nice to specifically mention that
> the threat model assumes that the server can lie about Content-Type anyway,
> and in the security considerations warn that a server might trick clients
> into handling one content type as another if the client isn't careful.

Will do.

> I now think we mean something completely different by "extension".  I had
> assumed "protocol extension", i.e. a specification that extends HTTP, but
> now I see you mean "file name extension".

I'll clarify this.

Adam

Received on Monday, 6 April 2009 21:00:06 UTC