W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

RE: [apps-discuss] content inspection in absence of media type, was: APPSDIR review of draft-ietf-httpbis-p2-semantics-24

From: Larry Masinter <masinter@adobe.com>
Date: Mon, 4 Nov 2013 08:09:24 -0800
To: "Henry S. Thompson" <ht@inf.ed.ac.uk>, Mark Nottingham <mnot@mnot.net>
CC: S Moonesamy <sm+ietf@elandsys.com>, "julian.reschke@gmx.de" <julian.reschke@gmx.de>, "draft-ietf-httpbis-p2-semantics.all@tools.ietf.org" <draft-ietf-httpbis-p2-semantics.all@tools.ietf.org>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>, "apps-discuss@ietf.org" <apps-discuss@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>
Message-ID: <C68CB012D9182D408CED7B884F441D4D348260C1C0@nambxv01a.corp.adobe.com>
I'd like to point out that the topic of consistent content inspection was discussed in the websec working group via:
http://tools.ietf.org/html/draft-ietf-websec-mime-sniff-03
which was abandoned in the IETF and taken up by WHATWG in 
http://mimesniff.spec.whatwg.org/.
The "bugs" filed in IETF tracker:
http://trac.tools.ietf.org/wg/websec/trac/query?component=mime-sniff
and discussed at IETF 82 Taipei
http://tools.ietf.org/agenda/82/slides/websec-2.pdf

were subsequently reproduced in the WHATWG tracker

https://www.w3.org/Bugs/Public/show_bug.cgi?id=19746

Ideally, the "magic number" entry in the Media Type registry would be retargeted to give instructions and prioritization for content recognition, especially in cases (such as ftp: and file: access) where there is no channel for content-type transmission.  

Fixing content-type sniffing goes beyond http and should be addressed directly. 

Larry
--
http://larry.masinter.net
Received on Monday, 4 November 2013 16:10:58 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 2 February 2023 18:43:38 UTC