Re: [websec] scope of mimesniff: roles vs. contexts vs. delivery channels
Bjoern Hoehrmann <derhoermi@gmx.net> Wed, 11 January 2012 21:29 UTC
Return-Path: <derhoermi@gmx.net>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7049411E80BB for <websec@ietfa.amsl.com>; Wed, 11 Jan 2012 13:29:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ToFJOIeIL2ps for <websec@ietfa.amsl.com>; Wed, 11 Jan 2012 13:29:33 -0800 (PST)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.22]) by ietfa.amsl.com (Postfix) with SMTP id 56E4B11E8074 for <websec@ietf.org>; Wed, 11 Jan 2012 13:29:33 -0800 (PST)
Received: (qmail invoked by alias); 11 Jan 2012 21:29:31 -0000
Received: from dslb-094-222-134-172.pools.arcor-ip.net (EHLO HIVE) [94.222.134.172] by mail.gmx.net (mp026) with SMTP; 11 Jan 2012 22:29:31 +0100
X-Authenticated: #723575
X-Provags-ID: V01U2FsdGVkX18n57V1lvAn8wF3Gfg57TlgYrN5v8kL13Mk48o992 Z3Nctscc2lIefq
From: Bjoern Hoehrmann <derhoermi@gmx.net>
To: Larry Masinter <masinter@adobe.com>
Date: Wed, 11 Jan 2012 22:29:36 +0100
Message-ID: <p8vrg756d7qq3rimdtg7pppqaa1sg10ii8@hive.bjoern.hoehrmann.de>
References: <C68CB012D9182D408CED7B884F441D4D06123B524F@nambxv01a.corp.adobe.com>
In-Reply-To: <C68CB012D9182D408CED7B884F441D4D06123B524F@nambxv01a.corp.adobe.com>
X-Mailer: Forte Agent 3.3/32.846
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-Y-GMX-Trusted: 0
Cc: "websec@ietf.org" <websec@ietf.org>
Subject: Re: [websec] scope of mimesniff: roles vs. contexts vs. delivery channels
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Jan 2012 21:29:34 -0000
* Larry Masinter wrote: >Going back to the "scope" question, should the mimesniff document cover >sniffing in contexts other than browsers, e.g., by web servers during >file upload, by proxies or firewalls or gateways, by spiders or search >engines, etc.? I note that the current draft does not seem to address web browser up- loads (if a browser uploads a GIF as image/jpeg, and the server echoes data and label back verbatim, and then the browser treats that as a GIF even though it just said it's a JPEG, that would seem to be bad), but more generally I would rather have a "web browser only" specification soon and then talk about what other components might be relevant and how to address those, than try and address all of it at once. -- Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de 25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/
- [websec] scope of mimesniff: roles vs. contexts v… Larry Masinter
- Re: [websec] scope of mimesniff: roles vs. contex… Bjoern Hoehrmann
- Re: [websec] scope of mimesniff: roles vs. contex… Tobias Gondrom