#15: Clarify scope of MIME sniffing
Comment (by ietf@…):
> However, the document itself covers many situations beyond misconfigured
> web content.
In my view, bullets 1 through 3 arise from misconfigured web servers.
For bullet 1, there are lots of examples of servers supplying a
syntactically correct but erroneous MIME type, where I judge the supplied
MIME type to be erroneous because obeying the MIME type causes the site to
behave in undesirable ways, e.g., having broken images because the site
uses a resource as an image but the resource has a Content-Type that says
text/plain.
For bullet 2, a syntactically invalid Content-Type header is manifestly
caused by a misconfigured server.
For bullet 3, a correctly configured web server will always supply the
correct MIME type with a response, but that's just a matter of semantics.
I'll agree that bullet 4 is a distinct use case and might be valuable to
point out in the introduction.
--
-----------------------------+---------------------------------------------
 Reporter:  masinter@…       |       Owner:  draft-ietf-websec-mime-sniff@…
     Type:  defect           |      Status:  new
 Priority:  major            |   Milestone:
Component:  mime-sniff       |     Version:
 Severity:  Active WG        |  Resolution:
            Document         |
 Keywords:                   |
-----------------------------+---------------------------------------------
Ticket URL: <http://trac.tools.ietf.org/wg/websec/trac/ticket/15#comment:2>
websec <http://tools.ietf.org/websec/>