- From: Larry Masinter <masinter@adobe.com>
- Date: Mon, 4 Nov 2013 08:09:24 -0800
- To: "Henry S. Thompson" <ht@inf.ed.ac.uk>, Mark Nottingham <mnot@mnot.net>
- CC: S Moonesamy <sm+ietf@elandsys.com>, "julian.reschke@gmx.de" <julian.reschke@gmx.de>, "draft-ietf-httpbis-p2-semantics.all@tools.ietf.org" <draft-ietf-httpbis-p2-semantics.all@tools.ietf.org>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>, "apps-discuss@ietf.org" <apps-discuss@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>
I'd like to point out that the topic of consistent content inspection was discussed in the websec working group via: http://tools.ietf.org/html/draft-ietf-websec-mime-sniff-03 which was abandoned in the IETF and taken up by WHATWG in http://mimesniff.spec.whatwg.org/. The "bugs" filed in IETF tracker: http://trac.tools.ietf.org/wg/websec/trac/query?component=mime-sniff and discussed at IETF 82 Taipei http://tools.ietf.org/agenda/82/slides/websec-2.pdf were subsequently reproduced in the WHATWG tracker https://www.w3.org/Bugs/Public/show_bug.cgi?id=19746 Ideally, the "magic number" entry in the Media Type registry would be retargeted to give instructions and prioritization for content recognition, especially in cases (such as ftp: and file: access) where there is no channel for content-type transmission. Fixing content-type sniffing goes beyond http and should be addressed directly. Larry -- http://larry.masinter.net
Received on Monday, 4 November 2013 16:10:58 UTC