
Re: [Gen-art] Gen-ART LC Review of draft-ietf-websec-strict-transport-sec-11

2012-08-10 16:58:58

On Aug 10, 2012, at 4:33 PM, =JeffH <Jeff(_dot_)Hodges(_at_)kingsmountain(_dot_)com> wrote:

> Thanks Ben.
>
>> Jeff and I had a f2f discussion about this point in Vancouver. To paraphrase
>> (and I assume he will correct me if I mischaracterize anything), Jeff
>> indicated that this really wasn't a MUST level requirement due to the
>> variation and vagaries in application behavior and abilities.
>
> Yes, see the NOTE in section 7.2.
>
>> Rather, it's more of a "do the best you can" sort of thing. Specifically,
>> he indicated that an implementation that chose to go ahead and serve
>> unprotected content due to the listed caveats on redirecting to HTTPS would
>> necessarily be out-of-compliance.
>
> I presume you actually mean "not necessarily", which would then be correct,
> unless I'm misunderstanding something.

Oops, you are correct, that's a typo.

>> If the requirement is really that you SHOULD NOT (rather than MUST NOT) serve
>> unprotected content, then I think the original language is okay.
>
> agreed.
>
> thanks,
>
> =JeffH


_______________________________________________
Gen-art mailing list
Gen-art(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/gen-art
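To make the section 7.2 behaviour discussed in this thread concrete, here is an added Python example; it is not code from the draft, from the IETF, or from anyone in the thread. It models an HSTS host answering a request that arrived over a non-secure transport (a permanent redirect to the same resource with an https scheme) and one that arrived over TLS (the content plus the Strict-Transport-Security header field), and includes a small audit helper that reports the non-redirect case at SHOULD level rather than as a failure, which is the reading the thread settles on. The host name, the max-age value, the treatment of an explicit port, and the audit helper are all my assumptions. The rule that the STS header field is emitted only over secure transport comes from the published RFC 6797, not from anything on this page.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed policy values for the example HSTS host (assumptions, not from the draft).
HSTS_MAX_AGE = 31536000  # one year, in seconds
STS_HEADER = "Strict-Transport-Security"


def https_location(effective_request_uri):
    """Rewrite an http:// Effective Request URI to the https scheme.

    Host, path and query are kept so the redirect lands on the same resource.
    An explicit :80 is dropped because it is only the default port for http;
    any other explicit port is kept unchanged (a local-policy choice assumed here).
    """
    parts = urlsplit(effective_request_uri)
    if parts.scheme != "http":
        raise ValueError("only http:// request URIs are rewritten")
    netloc = parts.hostname or ""
    if parts.port is not None and parts.port != 80:
        netloc = f"{netloc}:{parts.port}"
    return urlunsplit(("https", netloc, parts.path, parts.query, ""))


def handle_request(effective_request_uri, over_secure_transport):
    """Return (status, headers, body) for a request to an HSTS host.

    Non-secure transport: a permanent redirect (301) to the https form of the
    request URI, with no STS header field.  Secure transport: the content plus
    the STS header field carrying the host's policy.
    """
    if not over_secure_transport:
        return 301, {"Location": https_location(effective_request_uri)}, b""
    headers = {STS_HEADER: f"max-age={HSTS_MAX_AGE}; includeSubDomains"}
    return 200, headers, b"protected content"


def audit_response(over_secure_transport, status, headers):
    """Report how a response to a non-secure request measures up.

    Returns a list of findings.  Sending the STS header field over a
    non-secure transport is reported as a MUST NOT violation.  Answering a
    non-secure request with anything other than a permanent redirect to https
    is reported at SHOULD level only: the NOTE in section 7.2 leaves room for
    local reasons to do so.  Responses over TLS are out of scope for this
    helper (it only covers the behaviour the thread is about).
    """
    findings = []
    if over_secure_transport:
        return findings
    if STS_HEADER in headers:
        findings.append("MUST NOT: STS header field sent over non-secure transport")
    location = headers.get("Location", "")
    if status != 301 or not location.startswith("https://"):
        findings.append("SHOULD: non-secure request not redirected to https")
    return findings


if __name__ == "__main__":
    # Constructed sample traffic for the example host.
    for uri, secure in (("http://example.com/a?b=1", False), ("https://example.com/a?b=1", True)):
        status, headers, _ = handle_request(uri, secure)
        print(uri, "->", status, headers, audit_response(secure, status, headers))
```

The audit helper treats the two rules differently on purpose: a host that serves plaintext content without redirecting gets a SHOULD-level finding to review against its local policy, while an STS header field on a plaintext response is flagged as a hard violation.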