>> Tangent: I know we want to avoid implementations that do foolish things >> being claimed as compliant, but IMO, the requirement that input come >> from a "human user" is goofy for a technical specification and in >> practice a non-starter. A web browser that followed a HTTP redirection >> to a https: URL would violate it. The web has evolved toward complex >> applications in which all pretense that the user is mediating the >> issuance of HTTP requests has been abandoned, which brings major >> productivity benefits as well as major security implications; ignoring >> this would be a mistake. > > Wes Hardaker also raised this issue in his review. Jeff and I agree that > this is an open issue and are working to address it. Addressing that would likely satisfy my issue nicely. Barry _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf