Re: [Ietf-message-headers] X-Content-Type-Options

Mark Nottingham <mnot@mnot.net> Thu, 18 May 2017 01:55 UTC

Return-Path: <mnot@mnot.net>
X-Original-To: ietf-message-headers@ietfa.amsl.com
Delivered-To: ietf-message-headers@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 94333128AB0 for <ietf-message-headers@ietfa.amsl.com>; Wed, 17 May 2017 18:55:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.72
X-Spam-Level:
X-Spam-Status: No, score=-2.72 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mnot.net header.b=O8Oyds92; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=IYz0CHvk
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CxE0X21EtrQn for <ietf-message-headers@ietfa.amsl.com>; Wed, 17 May 2017 18:55:26 -0700 (PDT)
Received: from new1-smtp.messagingengine.com (new1-smtp.messagingengine.com [66.111.4.221]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0AB76128B51 for <ietf-message-headers@lists.ietf.org>; Wed, 17 May 2017 18:55:25 -0700 (PDT)
Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailnew.nyi.internal (Postfix) with ESMTP id 575981204; Wed, 17 May 2017 21:55:25 -0400 (EDT)
Received: from frontend1 ([10.202.2.160]) by compute3.internal (MEProxy); Wed, 17 May 2017 21:55:25 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mnot.net; h=cc :content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc:x-sasl-enc; s=fm1; bh=2IoV7PFmkxlyltZxck TIIVDmcOeUmObKb8b73J8bw7M=; b=O8Oyds92JEqpSMHi8n3Q6373QtfxycF7VE owQR4Qe6Mk464F7plAURn+cXDYeokXv1qzWsh8eg1iZOjkC4Vu2R3RwaWWfNLSy7 00mrxOYx2l/InmGNl8AvI4PejWjPytkQkLSdameyR4pLfquUzGgRSZuR2kZUyUNW pvODmuCSbeN8iwetgkUTXPE7D+KwzJc8KDlFKHHqka5FkgzsPiWUwoW7NvX5SBpc hbXs6G4pFGm7vAT7oYswX2Fe+xGktu+Sze01I/fOD6BA6gIQISc5XTN/hhqNsnJV vwIixN1q6STpY3P+2o7+GU9K87ViEpoi6j/ZoHhb8buWbmSyqu+w==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-sender:x-me-sender:x-sasl-enc:x-sasl-enc; s= fm1; bh=2IoV7PFmkxlyltZxckTIIVDmcOeUmObKb8b73J8bw7M=; b=IYz0CHvk T+qERSZ0Euo5m2fnWH4R3aR6wNOXUBrojKWlSNL3XeK5K9VST2SkUtnEMqNoEc0o xYhnow1VkJRMFgih100F2qlbCHaJct4VwCuwIBOiHnMXoBR51bvoQFtkEC9pjHH8 Dj9pDqjrUCpGTobqlt/kBqGvo23z1We5ysXXkbwWkUwZaScid0hXxx0awDvojGrD MW1IhdW4LvlHpBKQ7+PV6ulexFc6v67ajYs05KIHUlEmtoeNaGiiiT1uG8mJDm6w ffnVfU6RtE1yvueBnaFd7grbz27vAA3wV+dDc/ioH59RuCJblkjpcTqv8vEseqXU xMcv82+eyNCCgg==
X-ME-Sender: <xms:Df8cWfDps8z_dV2Gk6pEhBJVe1U8Gmqk-SvWiWHnaLtl7EPsNuNQ9Q>
X-Sasl-enc: IoxP+CY33t4RZo3sveatui1k0zSw6VGeoh3Bn7S4sPmK 1495072524
Received: from [192.168.1.18] (cpe-124-188-19-231.hdbq1.win.bigpond.net.au [124.188.19.231]) by mail.messagingengine.com (Postfix) with ESMTPA id AAB097E71B; Wed, 17 May 2017 21:55:23 -0400 (EDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Mark Nottingham <mnot@mnot.net>
In-Reply-To: <CA+9kkMDzqcG3zM=mJD1U0zTrdYZy=wC8FRm1CDr8Y1Q-UYMaTQ@mail.gmail.com>
Date: Thu, 18 May 2017 11:55:20 +1000
Cc: Anne van Kesteren <annevk@annevk.nl>, ietf-message-headers@lists.ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <E892E37D-5699-4D48-AA2D-A99268509BB4@mnot.net>
References: <CADnb78gKcPdYm1_BU2FmCYyX8f135sC9QFG8AjEDoit++4srRw@mail.gmail.com> <CA+9kkMDzqcG3zM=mJD1U0zTrdYZy=wC8FRm1CDr8Y1Q-UYMaTQ@mail.gmail.com>
To: Ted Hardie <ted.ietf@gmail.com>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-message-headers/JjMbWQWZXFJwzLsh_FxVxZnP6Ek>
Subject: Re: [Ietf-message-headers] X-Content-Type-Options
X-BeenThere: ietf-message-headers@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Discussion list for header fields used in Internet messaging applications." <ietf-message-headers.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-message-headers>, <mailto:ietf-message-headers-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-message-headers/>
List-Post: <mailto:ietf-message-headers@ietf.org>
List-Help: <mailto:ietf-message-headers-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-message-headers>, <mailto:ietf-message-headers-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 May 2017 01:55:28 -0000

It's already widely-deployed, so it's grandfathered in, I think.

https://msdn.microsoft.com/library/gg622941(v=vs.85).aspx


> On 18 May 2017, at 4:56 am, Ted Hardie <ted.ietf@gmail.com> wrote:
> 
> Hi Anne,
> 
> https://tools.ietf.org/html/rfc6648 suggests avoiding the x- construct wherever possible.  Is it possible to go to Content-Type-Options, without the X-?
> 
> regards,
> 
> Ted Hardie
> 
> On Mon, May 15, 2017 at 3:40 AM, Anne van Kesteren <annevk@annevk.nl> wrote:
> Header field name: X-Content-Type-Options
> 
> Applicable protocol: http
> 
> Status: standard
> 
> Author/Change controller: WHATWG
> 
> Specification document(s):
> https://fetch.spec.whatwg.org/#x-content-type-options-header
> 
> Related information: N/A
> 
> 
> --
> https://annevankesteren.nl/
> 
> _______________________________________________
> Ietf-message-headers mailing list
> Ietf-message-headers@ietf.org
> https://www.ietf.org/mailman/listinfo/ietf-message-headers
> 
> _______________________________________________
> Ietf-message-headers mailing list
> Ietf-message-headers@ietf.org
> https://www.ietf.org/mailman/listinfo/ietf-message-headers

--
Mark Nottingham   https://www.mnot.net/