- From: Jonathan Rees <jar@creativecommons.org>
- Date: Wed, 2 Dec 2009 10:10:23 -0500
- To: David Booth <david@dbooth.org>
- Cc: "Henry S. Thompson" <ht@inf.ed.ac.uk>, www-tag@w3.org
I think I'm with you, David, but concrete examples would help... something like the following maybe? (at http://mumble.net/~jar/message, haven't tried it with IE)

<html not="true">
<!-- The following is completely ludicrous, and I never would have said it: -->
Jonathan's house is painted an ugly color.

If interpreted as having media type text/plain, it means one thing, while if interpreted as text/html, it means the opposite.

This could be countered by saying that miscommunications like this *are* security issues (consider the dubious case where the html comment contains private information, and the document was interpreted as plain when html was wanted); but it could also be countered by saying that it's too artificial to be convincing.

Jonathan

On Wed, Dec 2, 2009 at 8:06 AM, David Booth <david@dbooth.org> wrote:
> A question:
>
> On Wed, 2009-12-02 at 12:23 +0000, Henry S. Thompson wrote:
> [ . . . ]
>> I took an action [3] to review the situation, and suggest further action
>> if necessary.
>>
>> I think we should in fact request the HTTPbis editors to reopen their
>> Ticket #155 [4] with a suggestion that something along the following
>> lines be added after the above-quoted paragraph in section 3.2.1:
>>
>> If the Content-Type header field _is_ present, recipients SHOULD NOT
>> examine the content and override the specified type if the change
>> would significantly alter the security exposure ('privilege
>> escalation').
>
> Why only "if the change would significantly alter the security
> exposure . . . "? Why not also for other cases, where the user is just
> trying to get what the server is trying to send?
>
> David Booth
>
>>
>> This change is compatible with _Content-Type Processing Model_, a
>> draft "responsible sniffing" Internet-Draft [5].
>>
>> ht
>>
>> [1] http://www.w3.org/2001/tag/2009/09/24-minutes#item03
>> [2] http://trac.tools.ietf.org/wg/httpbis/trac/export/663/draft-ietf-httpbis/latest/p3-payload.html#rfc.section.3.2.1
>> [3] http://www.w3.org/2001/tag/group/track/actions/309
>> [4] http://trac.tools.ietf.org/wg/httpbis/trac/ticket/155
>> [5] http://ietfreport.isoc.org/idref/draft-abarth-mime-sniff/
>> --
>> Henry S. Thompson, School of Informatics, University of Edinburgh
>> Half-time member of W3C Team
>> 10 Crichton Street, Edinburgh EH8 9AB, SCOTLAND -- (44) 131 650-4440
>> Fax: (44) 131 651-1426, e-mail: ht@inf.ed.ac.uk
>> URL: http://www.ltg.ed.ac.uk/~ht/
>> [mail really from me _always_ has this .sig -- mail without it is forged spam]
>
> --
> David Booth, Ph.D.
> Cleveland Clinic (contractor)
>
> Opinions expressed herein are those of the author and do not necessarily
> reflect those of Cleveland Clinic.
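An added illustration, not part of the thread above: the same bytes rendered under text/plain and under text/html, plus a small resolver that applies the quoted HTTPbis suggestion (a declared Content-Type is not sniff-overridden when the override would raise the recipient's exposure). The sample body is a constructed copy of Jonathan's example; `render`, `effective_type`, `looks_like_html` and the `PRIVILEGE` ranking are hypothetical names and a deliberately coarse ranking, not anything from the drafts cited.

```python
from html.parser import HTMLParser
from typing import Optional

# Constructed sample modelled on the message Jonathan describes above.
SAMPLE = (b'<html not="true">\n'
          b"<!-- The following is completely ludicrous, and I never would have said it: -->\n"
          b"Jonathan's house is painted an ugly color.\n")

class _TextOnly(HTMLParser):
    """Keep text nodes only; tags and comments are dropped, as a browser's rendering would."""
    def __init__(self):
        super().__init__()
        self.parts = []
    def handle_data(self, data):
        self.parts.append(data)

def render(body: bytes, media_type: str) -> str:
    """What a recipient 'sees' under each interpretation (whitespace normalised)."""
    text = body.decode("utf-8")
    if media_type == "text/html":
        parser = _TextOnly()
        parser.feed(text)
        parser.close()          # flush any buffered text data
        text = "".join(parser.parts)
    return " ".join(text.split())

# Coarse exposure ranking (hypothetical): higher means the same bytes trigger more
# recipient-side behaviour (markup, active content) than the lower type would.
PRIVILEGE = {"text/plain": 0, "application/octet-stream": 0, "text/html": 2}

def looks_like_html(body: bytes) -> bool:
    """Minimal stand-in for a content sniffer: does the body open with an HTML marker?"""
    return body.lstrip().lower().startswith((b"<html", b"<!doctype html"))

def effective_type(declared: Optional[str], body: bytes) -> str:
    """Type the recipient acts on. No Content-Type present: sniff. Content-Type present:
    keep it whenever the sniffed type would rank higher ('privilege escalation');
    a sniffed type of equal or lower rank is allowed to replace it."""
    sniffed = "text/html" if looks_like_html(body) else "text/plain"
    if declared is None:
        return sniffed
    if PRIVILEGE.get(sniffed, 0) > PRIVILEGE.get(declared, 0):
        return declared
    return sniffed
```

Run against the sample, `render` shows the comment's disclaimer surviving only under text/plain, and `effective_type("text/plain", SAMPLE)` stays at text/plain even though the body starts with an html tag.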
Received on Wednesday, 2 December 2009 15:11:05 UTC