IETF Logo Mail Archive

Re: [websec] Minor feedback on draft-ietf-websec-mime-sniff-03

Willy Tarreau <w@1wt.eu> Tue, 17 January 2012 21:39 UTC

Return-Path: <w@1wt.eu>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0122011E80BC for <websec@ietfa.amsl.com>; Tue, 17 Jan 2012 13:39:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.21
X-Spam-Level:
X-Spam-Status: No, score=-4.21 tagged_above=-999 required=5 tests=[AWL=-2.167, BAYES_00=-2.599, HELO_IS_SMALL6=0.556]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id et6zGToMRg4T for <websec@ietfa.amsl.com>; Tue, 17 Jan 2012 13:39:54 -0800 (PST)
Received: from 1wt.eu (1wt.eu [62.212.114.60]) by ietfa.amsl.com (Postfix) with ESMTP id 3D22911E80AF for <websec@ietf.org>; Tue, 17 Jan 2012 13:39:54 -0800 (PST)
Received: (from willy@localhost) by mail.home.local (8.14.4/8.14.4/Submit) id q0HLdn2k020371; Tue, 17 Jan 2012 22:39:49 +0100
Date: Tue, 17 Jan 2012 22:39:48 +0100
From: Willy Tarreau <w@1wt.eu>
To: Ian Hickson <ian@hixie.ch>
Message-ID: <20120117213948.GB20322@1wt.eu>
References: <20120115195120.GG32205@1wt.eu> <CAJE5ia_gBJ=7DviO5hkmqnXHtC8ptHyKAMieBrFbVV-h9rQo9g@mail.gmail.com> <20120115204154.GH32205@1wt.eu> <CAJE5ia9vPmkMB-NkF-5PRzd2UZcrnSvmVPNYX3XvA80HMeVvEw@mail.gmail.com> <20120115211702.GJ32205@1wt.eu> <Pine.LNX.4.64.1201172130280.14845@ps20323.dreamhostps.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <Pine.LNX.4.64.1201172130280.14845@ps20323.dreamhostps.com>
User-Agent: Mutt/1.4.2.3i
X-Mailman-Approved-At: Tue, 17 Jan 2012 20:25:28 -0800
Cc: websec@ietf.org
Subject: Re: [websec] Minor feedback on draft-ietf-websec-mime-sniff-03
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Jan 2012 21:39:55 -0000

Hi Ian,

On Tue, Jan 17, 2012 at 09:32:03PM +0000, Ian Hickson wrote:
> On Sun, 15 Jan 2012, Willy Tarreau wrote:
> > 
> > For instance, if I get a file advertised like this :
> > 
> >    Content-type: text/plain; charset=us-ascii
> > 
> > then it will not be interpreted as text/plain
> 
> What makes you think that? As far as I can tell, the algorithm given in 
> the spec requires that such a file be treated as text/plain.

You're right, as I said in the second mail following this one, I found
what I misread in the algorithm. In short, I thought we'd jump to the
content analysis if the header did not match these exact forms, which
is not the case, I conflated official-type and sniffed-type in the text
if my memory serves me right.

Regards,
Willy

v2.23.0 | Report a Bug | By Email