From: Julian Reschke <julian.reschke@gmx.de>
Message-ID: <486BEA8F.50208@gmx.de>
To: HTTP Working Group <ietf-http-wg@w3.org>, "public-html@w3.org" <public-html@w3.org>



Hi,

(crossposted to both the HTTPbis WG's and HTML5 WG's mailing lists...)

looking at <http://blogs.msdn.com/ie/archive/2008/07/02/ie8-security-part-v-comprehensive-protection.aspx>:

"MIME-Handling: Sniffing Opt-Out

Next, we’ve provided web-applications with the ability to opt-out of MIME-sniffing. Sending the new authoritative=true attribute on the Content-Type HTTP response header prevents Internet Explorer from MIME-sniffing a response away from the declared content-type."

Let's ignore the issue of inventing a new media type parameter for all new media types for a moment...

It's good that MS recognizes that content-type-sniffing may be bad and that they are doing something about it. But is this really the right approach?

BR, Julian