On Jun 20, 2016, at 3:22 PM, Tony Hain <alh-ietf(_at_)tndh(_dot_)net> wrote:
What section 7 does not say is "HTTPS access will NOT attempt to deliver
unsecured content". I get really annoyed by sites that are lazy and refer to
random images that are outside the security scope. Mixed content should be
explicitly forbidden in this SOW.
I agree that this would be the correct goal, but we didn't get it into the SOW.
Please file a bug if you see that happening when we have running code, and
we'll do the best we can to chase those down where possible.
--
Joe Hildebrand