- From: Larry Masinter <masinter@adobe.com>
- Date: Tue, 1 Feb 2011 09:18:12 -0800
- To: Yves Lafon <ylafon@w3.org>
- CC: "Eric J. Bowman" <eric@bisonsystems.net>, "nathan@webr3.org" <nathan@webr3.org>, "ashok.malhotra@oracle.com" <ashok.malhotra@oracle.com>, Jonathan Rees <jar@creativecommons.org>, Noah Mendelsohn <nrm@arcanedomain.com>, "www-tag@w3.org" <www-tag@w3.org>
>> Wasn't there a proposed (or implemented) "I really mean the content-type >> header please don't sniff" HTTP header? > Yes: "MIME-Handling: Sniffing Opt-Out" > Discussion thread here: > http://lists.w3.org/Archives/Public/ietf-http-wg/2008JulSep/0002.html > I mean it will always lead to "I really mean it" and "I really really mean > it" (wash, rinse, repeat) Not necessarily. What's necessary is a reasonable transition plan, e.g., that browsers implement and deploy (with significant distribution... say 75%) before web sites start sending. I think partly the question is not "is sniffing good or bad" but rather "who does the sniffing". Let's say the header was: MIME-Handling: Already-did-sniffing That is: "The content-type labeled here is a result of sniffing on the server". This doesn't tell the client what to do, it just tells the client that the server already did whatever sniffing the server thought was appropriate for this server's content. The observation is that many servers *have* to do sniffing because the server-side file extensions are inadequate. But, having done it once, don't do it again. The "sniffing" draft is now a work item of websec, not sure how to coordinate that, or whether we should send a comment through that working group? Larry
Received on Tuesday, 1 February 2011 17:19:00 UTC