Keith; MIME developers are. MIME is too much e-mail centric. Whether one use content-type or file name is irrelevant to mail security, just as whether one use uuencode or base64 is irrelevant, on both of which MIME developers wasted a lot of time. > It also > produced mail readers that didn't properly label content on outgoing mail and > ignored the content-type parameter on incoming mail, instead looking at the > suffix of a nonstandard "filename" parameter (which was only intended for use > with application/octet-stream). On most OSes, including but not limited to UNIX, that's the way to designate content types of files. MIME should have followed the practice and IANA could be the central authority to register filename extensions with their possible security holes. Instead, MIME developers arrogantly claimed that OSes should be modified to support MIME content-type (and even that text files on OSes should use MIME format to support other tags such as charset). Rest of us righteously ignored it. > Words that come to mind to describe this include: Willful, Criminal, and > Negligence. Exactly. But, see above. Masataka Ohta