Re: [websec] Font sniffing
Tobias Gondrom <tobias.gondrom@gondrom.org> Tue, 25 January 2011 19:31 UTC
Return-Path: <tobias.gondrom@gondrom.org>
X-Original-To: websec@core3.amsl.com
Delivered-To: websec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A68BD3A683B for <websec@core3.amsl.com>; Tue, 25 Jan 2011 11:31:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -94.337
X-Spam-Level:
X-Spam-Status: No, score=-94.337 tagged_above=-999 required=5 tests=[AWL=0.425, BAYES_00=-2.599, FH_HELO_EQ_D_D_D_D=1.597, FH_HOST_EQ_D_D_D_D=0.765, FM_DDDD_TIMES_2=1.999, HELO_DYNAMIC_IPADDR=2.426, HELO_EQ_DE=0.35, J_CHICKENPOX_12=0.6, RDNS_DYNAMIC=0.1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id W4OUCAkz9fOE for <websec@core3.amsl.com>; Tue, 25 Jan 2011 11:31:24 -0800 (PST)
Received: from lvps83-169-7-107.dedicated.hosteurope.de (lvps83-169-7-107.dedicated.hosteurope.de [83.169.7.107]) by core3.amsl.com (Postfix) with ESMTP id 451033A687F for <websec@ietf.org>; Tue, 25 Jan 2011 11:31:24 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=gondrom.org; b=jBGMKhJYlPyAGn96+90x0FqdDXeEvBPrwFIsXCikW0okkpelnwuK3kvR4BiCTk1YNOUiw6O1ad2A7qJBF5ZmmwR54Lnn4LJ86ZQlsiFiA9rQxJol1UkZxZD5xxwa7QwC; h=Received:Received:Message-ID:Date:From:User-Agent:MIME-Version:To:Subject:References:In-Reply-To:X-Enigmail-Version:Content-Type:Content-Transfer-Encoding;
Received: (qmail 19945 invoked from network); 25 Jan 2011 20:26:44 +0100
Received: from host-52-160.london.edu (HELO seraphim.heaven) (163.119.52.160) by lvps83-169-7-107.dedicated.hosteurope.de with (DHE-RSA-AES256-SHA encrypted) SMTP; 25 Jan 2011 20:26:44 +0100
Message-ID: <4D3F2419.4080302@gondrom.org>
Date: Tue, 25 Jan 2011 19:27:21 +0000
From: Tobias Gondrom <tobias.gondrom@gondrom.org>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.13) Gecko/20101206 SUSE/3.1.7 Lightning/1.0b2 Thunderbird/3.1.7
MIME-Version: 1.0
To: websec@ietf.org, annevk@opera.com
References: <op.vpu5phad64w2qv@anne-van-kesterens-macbook-pro.local>
In-Reply-To: <op.vpu5phad64w2qv@anne-van-kesterens-macbook-pro.local>
X-Enigmail-Version: 1.1.1
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Subject: Re: [websec] Font sniffing
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Jan 2011 19:31:25 -0000
Anne, Sorry, I don't understand what you mean with your comment. AFAIK font sniffing was not the intent for the draft-ietf-websec-mime-sniff draft. Do you suggest to do s.th. in websec in this regard (font types) and why/what? - Tobias On 01/25/2011 12:16 PM, Anne van Kesteren wrote: > Due to nobody taking specifying media types, Content-Type for fonts is > a lost cause. They probably need a loading context similar to images > which the @font-face specification should use at some point. > > Here are the signatures that Opera handles: > > 0x74746366 'ttcf' (TTC; TrueType Collection) > 0x4F54544F 'OTTO' (OTF; OpenType) > 0x00010000 (TTF; TrueType) > 0x774F4646 'wOFF' (WOFF; Web Open Font Format) > > For WOFF application/font-woff is being registered it seems, but > nobody enforces that to my knowledge. I.e. user agents sniff. > > > In case it was unclear this is feedback on > http://tools.ietf.org/html/draft-ietf-websec-mime-sniff :-) > >
- [websec] Font sniffing Anne van Kesteren
- Re: [websec] Font sniffing Tobias Gondrom
- Re: [websec] Font sniffing Anne van Kesteren