On Sun, Oct 23, 2011 at 8:26 PM, Larry Masinter <[email protected]> wrote: >> Agree with this one. >> With one addition: it must be clear, that if you "opt-in" for sniffing, than >> you MUST (SHOULD?) follow the mime-sniffing algorithm. > > I don't think that's possible. I think the crux of this issue is that I don't > think the "mime-sniffing algorithm" is currently structured in a way that > lets the results be "opt-in" on a case-by-case basis. > > For example, the algorithm starts with an analysis of existing content-type > headers, and winds up, in its state transition and communication paths, not > letting later stages of the algorithm know whether the supplied content-type > was malformed, whether there were two rather than one, etc. So if you > follow the algorithm, you don't have any way (at least if you're just > following this algorithm) of "opting" later in ways that want to distinguish.
Sure, but those are things we can fix. :) Adam _______________________________________________ websec mailing list [email protected] https://www.ietf.org/mailman/listinfo/websec
