Re: ISSUE-104 (sniffing-optional): Chairs Solicit Proposals

On 04.03.2010 03:29, Adam Barth wrote:
> On Wed, Mar 3, 2010 at 8:20 AM, Julian Reschke<julian.reschke@gmx.de>  wrote:
>> On 03.03.2010 17:05, Sam Ruby wrote:
>>> "Clarify that mime type sniffing is optional"
>>>
>>> Per the decision policy, at this time the chairs would like to solicit
>>> volunteers to write Change Proposals.
>>>
>>> http://www.w3.org/html/wg/tracker/issues/104
>>> http://dev.w3.org/html5/decision-policy/decision-policy.html#escalation
>>>
>>> If no Change Proposals are written by April 5th, 2010 this issue will be
>>> closed without prejudice.
>>>
>>> Issue status link:
>>> http://dev.w3.org/html5/status/issue-status.html#ISSUE-104
>>
>> I volunteer to write this CP.
>
> Julian, would you be willing to summarize (e.g., in one sentence) what
> resolution you intend to propose?  I'm happy to update the
> Internet-Draft to make this clearer without needing to go through the
> whole Change Proposal process.

Hi Alan,

I think the cited draft could be improved, see the discussion that Larry 
started on apps-discuss. (*)

However *this* issue is really about HTML5, not the Internet Draft. 
Again, I cite what it says (or used to say a few weeks ago):

"The Content-Type metadata of a resource must be obtained and 
interpreted in a manner consistent with the requirements of the 
Content-Type Processing Model specification. [MIMESNIFF]

The algorithm for extracting an encoding from a Content-Type, given a 
string s, is given in the Content-Type Processing Model specification. 
It either returns an encoding or nothing. [MIMESNIFF]

The sniffed type of a resource must be found in a manner consistent with 
the requirements given in the Content-Type Processing Model 
specification for finding that sniffed type. [MIMESNIFF]

The rules for sniffing images specifically and the rules for 
distingushing if a resource is text or binary are also defined in the 
Content-Type Processing Model specification. Both sets of rules return a 
MIME type as their result. [MIMESNIFF]

Warning: It is imperative that the rules in the Content-Type Processing 
Model specification be followed exactly. When a user agent uses 
different heuristics for content type detection than the server expects, 
security problems can occur. For more details, see the Content-Type 
Processing Model specification. [MIMESNIFF]"

(context: <http://www.w3.org/Bugs/Public/show_bug.cgi?id=7744#c22>)

So this is an example of totally unhelpful references, but also of not 
saying *anything* about what the reader might want to know ("can I 
*rely* on sniffing/do I *have* to implement sniffing").

That's what the CP would address.

Best regards, Julian

(*) It would be great if, in the process on working on this, we'd end up 
with a more modular sniffing spec, where the individual parts have 
names/subsections that could be used in references.

(**) Maybe IETF Anaheim would be an opportunity to look at this? I 
assume you'll be there for http-state?

Received on Thursday, 4 March 2010 09:19:10 UTC