- From: William A. Rowe, Jr. <wrowe@rowe-clan.net>
- Date: Thu, 03 Jul 2008 22:46:51 -0500
- To: Justin James <j_james@mindspring.com>
- CC: 'Karl Dubost' <karl@w3.org>, 'Daniel Stenberg' <daniel@haxx.se>, 'HTTP Working Group' <ietf-http-wg@w3.org>, public-html@w3.org
Justin James wrote: > > There are situations where content sniffing makes sense. Yes. There is local file content. There is unintelligent, ftp based delivery. These all need some context that doesn't exist behind the delivery of the content. > There are > situations where it doesn't. The only way to resolve it is to have a flag > that triggers a "no sniffing mode"; to do it the other way around (with a > flag that *turns on* sniffing mode) would contradict existing behavior and > therefore Break The Web. Nonsense. HTTP/1.1 defined the mechanism to do just this. The fact that vendors ignored this, suffered the consequences on vuln-dev and bugtraq, and will continue to do so until they follow the protocol reiterates that sniffing has a place, and within a well defined protocol this isn't it.
Received on Friday, 4 July 2008 03:47:42 UTC