What section 7 does not say is "HTTPS access will NOT attempt to deliver unsecured content". I get really annoyed by sites that are lazy and refer to random images that are outside the security scope. Mixed content should be explicitly forbidden in this SOW. Tony > -----Original Message----- > From: ietf [mailto:ietf-bounces@xxxxxxxx] On Behalf Of Joe Hildebrand > Sent: Monday, June 20, 2016 11:53 AM > To: Randal Atkinson > Cc: ietf@xxxxxxxx > Subject: Re: www.ietf.org Revamp Update > > > > On Jun 18, 2016, at 2:47 PM, Randal Atkinson <rja.lists@xxxxxxxxx> wrote: > > > > Jari, > > > > While the idea of a web site update is fine, the information supplied > > about the new website at the URL in the note posted recently was — > > oddly — missing what might be the most important pieces of information > for an IETF web site: > > > > - Will the new web site be fully compliant with applicable IETF and > W3C standards ? > > - If yes, will this include, for example, HTML5 compliance ? > > - If yes, how is standards compliance being verified ? > > > > IMHO, we ought not be deploying an IETF web site that is not fully > > compliant with appropriate Internet standards, whether our own > standards or W3C’s standards. > > > > In specific, I believe IETF ought NOT be deploying a website with > proprietary stuff. > > As the project manager for the website revamp: > > As Section 7 in the Scope of Work linked from the update blog post > (https://iaoc.ietf.org/documents/IETF-Website-SOW-20140604-Final.pdf) > indicates, the new website must be built with HTML5 and other open web > standards. We will be verifying this before accepting delivery from the > vendor. > > Also, we've been careful to tell them that the site has to work (although > perhaps without as many bells and whistles) if JavaScript is disabled in your > browser. > > Finally, if the community finds places that we've missed for some reason, > we will accept bug reports, as usual. > > -- > Joe Hildebrand