IETF Logo Mail Archive

Re: [websec] Minor feedback on draft-ietf-websec-mime-sniff-03

Ian Hickson <ian@hixie.ch> Tue, 17 January 2012 21:32 UTC

Return-Path: <ian@hixie.ch>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5674111E80AF for <websec@ietfa.amsl.com>; Tue, 17 Jan 2012 13:32:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1-3YKsb5tGsP for <websec@ietfa.amsl.com>; Tue, 17 Jan 2012 13:32:04 -0800 (PST)
Received: from homiemail-a50.g.dreamhost.com (caibbdcaaaaf.dreamhost.com [208.113.200.5]) by ietfa.amsl.com (Postfix) with ESMTP id CE1E111E80A2 for <websec@ietf.org>; Tue, 17 Jan 2012 13:32:04 -0800 (PST)
Received: from homiemail-a50.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a50.g.dreamhost.com (Postfix) with ESMTP id 2C18B6F8059; Tue, 17 Jan 2012 13:32:04 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; c=nofws; d=hixie.ch; h=date:from:to:cc :subject:in-reply-to:message-id:references:mime-version: content-type; q=dns; s=hixie.ch; b=Lkf4gBBoF7H+uAB8LCo/NZRWZ5jVq dBx3fRZl5Jl+LKiq0fqO//4H1ZbaiS/JmIB/IPXeJ+6vNkej3nra899X8tZQllm9 f44vF9eRbNbhNRirH+yA8HZRi1wZjmSnkuA6uijtk9jnqLW1Oe1yniuVJHX3W8vg wGp9ofskkXlvdk=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=hixie.ch; h=date:from:to :cc:subject:in-reply-to:message-id:references:mime-version: content-type; s=hixie.ch; bh=bzOqg1wp9ds6gY8RBU6KocgRJUY=; b=jx2 HPd6L/k62bJ5wiU4K9ScPe2yzsggwAIeTNOgP6wgTH4K3Il7vxCFdZytb0ePn9OO 2qTpKxFjBoRFz3BgD5bpMHis4cnjz2IaEjOS9bW8MLr1YRidZ4hQYXrAZwg6Qr4B Ut4qZCf2huEkLdoxzKcY3o6jkVW8jfEU6DYDsTN0=
Received: from ps20323.dreamhostps.com (ps20323.dreamhost.com [69.163.222.251]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: internal@index.hixie.ch) by homiemail-a50.g.dreamhost.com (Postfix) with ESMTPSA id 205BD6F8058; Tue, 17 Jan 2012 13:32:04 -0800 (PST)
Date: Tue, 17 Jan 2012 21:32:03 +0000
From: Ian Hickson <ian@hixie.ch>
To: Willy Tarreau <w@1wt.eu>
In-Reply-To: <20120115211702.GJ32205@1wt.eu>
Message-ID: <Pine.LNX.4.64.1201172130280.14845@ps20323.dreamhostps.com>
References: <20120115195120.GG32205@1wt.eu> <CAJE5ia_gBJ=7DviO5hkmqnXHtC8ptHyKAMieBrFbVV-h9rQo9g@mail.gmail.com> <20120115204154.GH32205@1wt.eu> <CAJE5ia9vPmkMB-NkF-5PRzd2UZcrnSvmVPNYX3XvA80HMeVvEw@mail.gmail.com> <20120115211702.GJ32205@1wt.eu>
Content-Language: en-GB-hixie
Content-Style-Type: text/css
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
X-Mailman-Approved-At: Tue, 17 Jan 2012 20:25:28 -0800
Cc: websec@ietf.org
Subject: Re: [websec] Minor feedback on draft-ietf-websec-mime-sniff-03
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Jan 2012 21:32:05 -0000

On Sun, 15 Jan 2012, Willy Tarreau wrote:
> 
> For instance, if I get a file advertised like this :
> 
>    Content-type: text/plain; charset=us-ascii
> 
> then it will not be interpreted as text/plain

What makes you think that? As far as I can tell, the algorithm given in 
the spec requires that such a file be treated as text/plain.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

v2.23.0 | Report a Bug | By Email