> On Jun 20, 2016, at 3:22 PM, Tony Hain <alh-ietf@xxxxxxxx> wrote: > > What section 7 does not say is "HTTPS access will NOT attempt to deliver unsecured content". I get really annoyed by sites that are lazy and refer to random images that are outside the security scope. Mixed content should be explicitly forbidden in this SOW. I agree that this would be the correct goal, but we didn't get it into the SOW. Please file a bug if you see that happening when we have running code, and we'll do the best we can to chase those down where possible. -- Joe Hildebrand