On Mon, Oct 24, 2011 at 7:32 PM, Anne van Kesteren <[email protected]> wrote: > On Tue, 25 Oct 2011 11:21:35 +0900, Adam Barth <[email protected]> wrote: >> >> http://trac.tools.ietf.org/wg/websec/trac/ticket/17 refers to an IANA >> registry with magic numbers for various media types. I wanted to >> compare them to what's in the draft, but I couldn't find it. I found >> the media type registry, e.g., for images: >> >> http://www.iana.org/assignments/media-types/image/index.html >> >> but I don't see any magic numbers. Would someone be willing to point >> me in the right direction? > > I don't think using a registry is a good idea. When a new MIME type comes > along it needs to be determined at that point whether or not we want to > sniff for it. E.g. for image/svg+xml, a new image MIME type, we decided we > would not sniff for it. > > I suppose we could somehow encode all that information in a registry, but I > do not see it making things any better for implementors.
Yeah, I don't think a registry is a good idea either. Constructing these signatures is too subtle, but I wanted to give the idea a fair shake. Looking at the existing registry will give us a sense for its quality. Adam _______________________________________________ websec mailing list [email protected] https://www.ietf.org/mailman/listinfo/websec
