The requirement in the spec is what we intend. The rule applies only
to that exact octet sequence.
Adam
On Sun, Jan 15, 2012 at 11:51 AM, Willy Tarreau w...@1wt.eu wrote:
Hello Adam, Ian,
Today I came across your draft draft-ietf-websec-mime-sniff-03, and
noticed the point below :
2.
On Sun, Jan 15, 2012 at 12:41 PM, Willy Tarreau w...@1wt.eu wrote:
On Sun, Jan 15, 2012 at 11:52:38AM -0800, Adam Barth wrote:
The requirement in the spec is what we intend. The rule applies only
to that exact octet sequence.
But then what are the impacts of not matching the correct
On Sun, Jan 15, 2012 at 1:00 PM, Julian Reschke julian.resc...@gmx.de wrote:
On 2012-01-15 21:53, Adam Barth wrote:
On Sun, Jan 15, 2012 at 12:41 PM, Willy Tarreauw...@1wt.eu wrote:
On Sun, Jan 15, 2012 at 11:52:38AM -0800, Adam Barth wrote:
The requirement in the spec is what we intend. The
On Fri, Jan 13, 2012 at 4:24 PM, =JeffH jeff.hod...@kingsmountain.com wrote:
In terms of this question of whether the STS header field directive ABNF
should be..
1) directive = token [ = ( token | quoted-string ) ]
..or..
2) directive = token [ = token ]
..I can see
On 2012-01-15 22:53, Adam Barth wrote:
...
It's definitely messy.
I don't think it matters much what we write in this document. Even if
we spec quoted-string, I doubt many folks will implement it. However,
we can deal with that problem when it comes time to add extension
values that actually
On 2012-01-15 23:24, Adam Barth wrote:
On Sun, Jan 15, 2012 at 2:11 PM, Julian Reschkejulian.resc...@gmx.de wrote:
On 2012-01-15 22:53, Adam Barth wrote:
...
It's definitely messy.
I don't think it matters much what we write in this document. Even if
we spec quoted-string, I doubt many
On Sun, Jan 15, 2012 at 2:27 PM, Julian Reschke julian.resc...@gmx.de wrote:
On 2012-01-15 23:24, Adam Barth wrote:
On Sun, Jan 15, 2012 at 2:11 PM, Julian Reschkejulian.resc...@gmx.de
wrote:
On 2012-01-15 22:53, Adam Barth wrote:
...
It's definitely messy.
I don't think it matters
Thanks for your thoughts,
I don't think it matters much what we write in this document.
I overall understand and tend to agree, because I'm doubting we will see much
if any further extension work for this header field.
However,
we can deal with that problem when it comes time to add
Adam wondered..
Why not just postMessage of the HTML form element? If you want be
more sneaky about it, you can just the HTTP cache. Anyway, web sites
are allowed to send messages to each other.
Yeah. I submitted that item for completeness-sake, it'd gotten shuffled deep
in the
Hello Adam, Ian,
Today I came across your draft draft-ietf-websec-mime-sniff-03, and
noticed the point below :
2. If the octets were fetched via HTTP and there is an HTTP Content-
Type header field and the value of the last such header field has
octets that *exactly* match the
On Sun, Jan 15, 2012 at 11:52:38AM -0800, Adam Barth wrote:
The requirement in the spec is what we intend. The rule applies only
to that exact octet sequence.
But then what are the impacts of not matching the correct content-type ?
Willy
___
websec
On Sun, Jan 15, 2012 at 01:06:20PM -0800, Adam Barth wrote:
On Sun, Jan 15, 2012 at 1:00 PM, Julian Reschke julian.resc...@gmx.de wrote:
On 2012-01-15 21:53, Adam Barth wrote:
On Sun, Jan 15, 2012 at 12:41 PM, Willy Tarreauw...@1wt.eu wrote:
On Sun, Jan 15, 2012 at 11:52:38AM -0800, Adam
On 01/05/2012 11:50 AM, Anne van Kesteren wrote:
On Thu, 05 Jan 2012 16:59:58 +0100, Paul Hoffman paul.hoff...@vpnc.org
wrote:
We invented a header that your message-producing software must
special-case is not a good way to get security.
If the header-consuming software works that way, it
13 matches
Mail list logo