On Aug 10, 2012, at 4:33 PM, =JeffH <Jeff.Hodges@xxxxxxxxxxxxxxxxx> wrote: > Thanks Ben. > > > Jeff and I had a f2f discussion about this point in Vancouver. To paraphrase > > (and I assume he will correct me if if I mischaracterize anything), Jeff > > indicated that this really wasn't a MUST level requirement due to the > > variation and vagaries in application behavior and abilities. > > Yes, see the NOTE in section 7.2. > > > Rather, it's > > more of a "do the best you can" sort of thing. Specifically, he indicated > > that an implementation that chose to go ahead and serve unprotected content > > due to the listed caveats on redirecting to HTTPS would necessarily be > > out-of-compliance. > > I presume you actually mean "not necessarily", which would then be correct, unless I'm misunderstanding something. Oops, you are correct, that's a typo. > > > > If the requirement really that you SHOULD NOT (rather than MUST NOT) serve > > unprotected content, then I think the original language is okay. > > agreed. > > thanks, > > =JeffH > > > _______________________________________________ > Gen-art mailing list > Gen-art@xxxxxxxx > https://www.ietf.org/mailman/listinfo/gen-art