Trusted vs Untrusted MIME types

Michael Richardson mcr at xdsinc.net
Sun Jul 8 19:51:45 PDT 2007


>>>>> "Christopher" == Christopher Aillon <caillon at redhat.com> writes:
    Christopher> the default would be to simply download it.  That is
    Christopher> irrelevant because the browser implementors and mail
    Christopher> client implementors get to decide this. The point is
    Christopher> that they need to know that certain files might need to
    Christopher> be handled differently.

  The root cause of the failure mode of Outlook and Internet Exploder
to keep the Windows system safe:
   a) use the *SYSTEM* notion of safe/unsafe, which was designed at a
      time when the major risk was from unfriendly floppy disks.
   b) they ignore the MIME type, and try to auto-guess from the
      extension and the file contents. ".jpg" files are safe to pass
      to the system executer, but they don't tell the system executer
      what type they *THOUGHT* was going to be invoked.

  What I care about is that once a MIME type has been provided that the
file extension and contents are NEVER looked at again... That way nobody
can lie and slip content in.

-- 
Michael.Richardson at thintropy.com / mcr at xdsinc.net
XDS Inc, Ottawa, ON             
Personal: http://www.sandelman.ca/mcr/ 
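
Added example, not part of the original message: a Python sketch contrasting the extension/content-guessing dispatch criticized above with dispatch keyed only on the declared MIME type. The handler tables, function names and sample bytes are constructed for illustration and are not any real desktop's registry.

```python
# Constructed tables for illustration; real desktops use their own registries.
VIEWERS = {"image/jpeg": "image-viewer", "text/plain": "text-viewer"}
SAFE_EXTENSIONS = {".jpg": "image/jpeg", ".txt": "text/plain"}
MAGIC = [(b"\xff\xd8\xff", "image/jpeg"), (b"MZ", "application/x-msdownload")]


def sniff_contents(data):
    """Guess a type from leading bytes, as a content-sniffing executor would."""
    for prefix, mime in MAGIC:
        if data.startswith(prefix):
            return mime
    return "application/octet-stream"


def guessing_dispatch(declared_type, filename, data):
    """The failure mode from the message: the declared type is ignored, the
    safety check looks at the extension, and the executor re-guesses from the
    contents without being told what type the checker had in mind."""
    ext = filename[filename.rfind("."):].lower() if "." in filename else ""
    checked_as = SAFE_EXTENSIONS.get(ext)
    if checked_as is None:
        return {"action": "save", "checked_as": None, "handled_as": None}
    return {"action": "open", "checked_as": checked_as,
            "handled_as": sniff_contents(data)}


def declared_type_dispatch(declared_type, filename, data):
    """The rule from the message: once a MIME type is provided, filename and
    contents are never consulted, and the handler is told that exact type."""
    mime = declared_type.split(";", 1)[0].strip().lower()
    viewer = VIEWERS.get(mime)
    if viewer is None:
        # No registered viewer for the declared type: save only, never guess.
        return {"action": "save", "checked_as": mime, "handled_as": None}
    return {"action": "open", "checked_as": mime, "handled_as": mime,
            "handler": viewer}


# Constructed sample: labelled image/jpeg, named .jpg, but not JPEG bytes.
SAMPLE = ("image/jpeg; name=holiday.jpg", "holiday.jpg", b"MZ\x90\x00 constructed")

if __name__ == "__main__":
    print(guessing_dispatch(*SAMPLE))       # checked_as and handled_as disagree
    print(declared_type_dispatch(*SAMPLE))  # one type, used for check and handler
```

With the declared-type rule the mislabelled sample only ever reaches the image viewer, which fails to decode it; the type that was checked and the type that is acted on cannot diverge.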

