On Mon, Apr 6, 2009 at 1:07 PM, Lisa Dusseault <lisa.dusseault@messagingarchitects.com> wrote: > That makes more sense now. It might be nice to specifically mention that > the threat model assumes that the server can lie about Content-Type anyway, > and in the security considerations warn that a server might trick clients > into handling one content type as another if the client isn't careful. Thanks. I've added this note to the draft. Let me know if you'd like more exposition here. AdamReceived on Saturday, 30 May 2009 22:57:13 UTC
This archive was generated by hypermail 2.4.0 : Thursday, 2 February 2023 18:43:19 UTC