- From: Henry S. Thompson <ht@inf.ed.ac.uk>
- Date: Wed, 02 Dec 2009 15:17:24 +0000
- To: Julian Reschke <julian.reschke@gmx.de>
- Cc: www-tag@w3.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Julian Reschke writes:

> As far as I understand that algorithm, it will sometimes apply
> sniffing to content labeled text/plain, overriding it, for instance,
> as "text/html". Isn't that a significant change of the security
> exposure???

My memory is that at the TAG f2f in September we worked through [1]
carefully and concluded that it worked very hard at and did indeed
succeed in ruling _out_ exactly that kind of privilege escalation, but
I will now go back and take another look.

ht

[1] http://ietfreport.isoc.org/idref/draft-abarth-mime-sniff/

- --
Henry S. Thompson, School of Informatics, University of Edinburgh
Half-time member of W3C Team
10 Crichton Street, Edinburgh EH8 9AB, SCOTLAND -- (44) 131 650-4440
Fax: (44) 131 651-1426, e-mail: ht@inf.ed.ac.uk
URL: http://www.ltg.ed.ac.uk/~ht/
[mail really from me _always_ has this .sig -- mail without it is forged spam]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFLFoUFkjnJixAXWBoRAiuBAJ9wQGVjzuEegPWjVtv918bx/tmAQgCeP0Rn
4ruK4AScuYoweHLVTiB9olQ=
=Wy9f
-----END PGP SIGNATURE-----
Received on Wednesday, 2 December 2009 15:17:59 UTC