I'd like to point out that the topic of consistent content inspection was
discussed in the websec working group via:
http://tools.ietf.org/html/draft-ietf-websec-mime-sniff-03
which was abandoned in the IETF and taken up by WHATWG in
http://mimesniff.spec.whatwg.org/.
The "bugs" filed in IETF tracker:
http://trac.tools.ietf.org/wg/websec/trac/query?component=mime-sniff
and discussed at IETF 82 Taipei
http://tools.ietf.org/agenda/82/slides/websec-2.pdf
were subsequently reproduced in the WHATWG tracker
https://www.w3.org/Bugs/Public/show_bug.cgi?id=19746
Ideally, the "magic number" entry in the Media Type registry would be
retargeted to give instructions and prioritization for content recognition,
especially in cases (such as ftp: and file: access) where there is no channel
for content-type transmission.
Fixing content-type sniffing goes beyond http and should be addressed directly.
Larry
--
http://larry.masinter.net