On 10/27/2014 7:19 PM, Matthew Kerwin wrote: > So there is no model for communicating back to the browser that content > is safe or not, nevermind for communicating up to the user. > > > Actually, there's Preference-Applied. I don't recall seeing that > forbidden by this draft, and it's a "MAY send" in RFC 7240. That said, > it would still be a bit silly for a browser to add UI to advertise the > presence of the header. Forgive me, but: THAT HAS NOTHING TO DO WITH THIS DRAFT. My comments concerned only this draft. D/ -- Dave Crocker Brandenburg InternetWorking bbiw.net