Re: [websec] I-D Action:draft-ietf-websec-mime-sniff-03.txt

Adam Barth <ietf@adambarth.com> Sat, 01 October 2011 06:45 UTC

On Fri, Sep 30, 2011 at 10:14 PM, "Martin J. Dürst"
<duerst@it.aoyama.ac.jp> wrote:
> On 2011/09/29 11:45, Adam Barth wrote:
>> On Wed, Sep 28, 2011 at 5:44 PM, "Martin J. Dürst"
>> <duerst@it.aoyama.ac.jp> wrote:
>>>
>>> On 2011/09/29 8:26, Adam Barth wrote:
>>>>
>>>> As I recall, the nosniff directive is pretty controversial.
>>>
>>> But then, as I recall, the whole business of sniffing is pretty
>>> controversial to start with. Are there differences between the
>>> controversiality of sniffing as such and the controversiality of the
>>> nosniff directive that explain why one is in the draft and the other
>>> is not?
>>
>> The reason why one is in and the other isn't is just historical.
>> nosniff didn't exist at the time the document was originally written.
>
> Your first answer sounded as if the nosniff directive was too controversial
> to be included in any draft, but your second answer seems to suggest that it
> was left out by (historical) accident, and that it might be worth including
> it.

The essential question isn't whether we should include it in the
draft.  The essential question is whether folks want to implement it.
If no one wants to implement it, putting it in the draft is a
negative.  If folks want to implement, then we can deal with the
controversy.

Adam