Re: [Gen-art] Gen-ART LC Review of draft-ietf-websec-strict-transport-sec-11

On Aug 10, 2012, at 4:33 PM, =JeffH <Jeff.Hodges@xxxxxxxxxxxxxxxxx> wrote:

> Thanks Ben.
> 
> > Jeff and I had a f2f discussion about this point in Vancouver. To paraphrase
> > (and I assume he will correct me if I mischaracterize anything), Jeff
> > indicated that this really wasn't a MUST level requirement due to the
> > variation and vagaries in application behavior and abilities.
> 
> Yes, see the NOTE in section 7.2.
> 
> > Rather, it's
> > more of a "do the best you can" sort of thing. Specifically, he indicated
> > that an implementation that chose to go ahead and serve unprotected content
> > due to the listed caveats on redirecting to HTTPS would necessarily be
> > out-of-compliance.
> 
> I presume you actually mean "not necessarily", which would then be correct, unless I'm misunderstanding something.

Oops, you are correct, that's a typo.

> 
> 
> > If the requirement really is that you SHOULD NOT (rather than MUST NOT) serve
> > unprotected content, then I think the original language is okay.
> 
> agreed.
> 
> thanks,
> 
> =JeffH
> 
> 