- From: Adam Barth <w3c@adambarth.com>
- Date: Sat, 30 May 2009 15:56:22 -0700
- To: Lisa Dusseault <lisa.dusseault@messagingarchitects.com>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
On Mon, Apr 6, 2009 at 1:07 PM, Lisa Dusseault <lisa.dusseault@messagingarchitects.com> wrote: > That makes more sense now. It might be nice to specifically mention that > the threat model assumes that the server can lie about Content-Type anyway, > and in the security considerations warn that a server might trick clients > into handling one content type as another if the client isn't careful. Thanks. I've added this note to the draft. Let me know if you'd like more exposition here. Adam
Received on Saturday, 30 May 2009 22:57:13 UTC