<hat="individual">
I agree with Paul, no need to specify more clearly here what is not prohibited.
Best regards, Tobias


On 04/04/12 20:38, Paul Hoffman wrote:
> On Apr 3, 2012, at 1:27 PM, Alexey Melnikov wrote:
>
> > 8.3.  Errors in Secure Transport Establishment
> >
> >    When connecting to a Known HSTS Host, the UA MUST terminate the
> >    connection (see also Section 11 "User Agent Implementation Advice",
> >    below) if there are any errors (e.g., certificate errors), whether
> >    "warning" or "fatal" or any other error level, with the underlying
> >    secure transport.  This includes any issues with certificate
> >    revocation checking whether via the Certificate Revocation List (CRL)
> >    [RFC5280], or via the Online Certificate Status Protocol (OCSP)
> >    [RFC2560].
> >
> > This was discussed in Paris, but I had this in my notes already and would
> > like to emphasize this: I assume that explaining the reason for the failure
> > to the user (without letting the user opt out) is OK? I think the document
> > needs to make it clear that this is not prohibited.
>
> Disagree. There are plenty of things that are not prohibited by this (or any
> other) protocol that go unmentioned. I don't see anything in this paragraph
> that indicates that such messages are even discouraged, so the proposed
> addition is unnecessary. It might be confusing, in that it will be the only
> place where optional messages are allowed.
>
> --Paul Hoffman

_______________________________________________
websec mailing list
websec@ietf.org
https://www.ietf.org/mailman/listinfo/websec

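As an added illustration of the Section 8.3 rule the thread is debating (this is example code, not text from the thread or from RFC 6797): a toy UA connect decision in which any transport error on a Known HSTS Host, revocation-check failures included, terminates the connection with no user override, while an explanatory message is still produced. The KNOWN_HSTS_HOSTS store, the Severity/TlsResult types and the sample errors are constructed for illustration and do not model any real TLS library's API.

```python
# Added example, not code from the websec thread or RFC 6797: a toy model of the
# Section 8.3 rule for a UA's connect decision.  The KNOWN_HSTS_HOSTS store, the
# TlsResult/Severity types and the sample errors are constructed for illustration,
# not any real TLS library's API.
from dataclasses import dataclass, field
from enum import Enum


class Severity(Enum):
    WARNING = "warning"  # errors a UA would normally let the user click through
    FATAL = "fatal"      # e.g. untrusted issuer, expired certificate
    OTHER = "other"      # any other level, e.g. CRL unavailable, OCSP failure


@dataclass
class TlsResult:
    # (severity, description) pairs reported by the underlying secure transport
    errors: list = field(default_factory=list)


@dataclass
class Decision:
    proceed: bool
    user_may_override: bool
    explanation: str  # informative text for the user; never an opt-out path


# Constructed Known HSTS Host store: host -> remaining max-age in seconds
KNOWN_HSTS_HOSTS = {"hsts.example": 31536000}


def is_known_hsts_host(host: str) -> bool:
    return host in KNOWN_HSTS_HOSTS


def decide_connection(host: str, tls: TlsResult) -> Decision:
    """Section 8.3: for a Known HSTS Host, any transport error, whether warning,
    fatal or any other level (revocation-check problems included), terminates
    the connection with no user override.  Explaining why is still allowed."""
    if not tls.errors:
        return Decision(True, False, "secure transport established")
    summary = "; ".join(f"{sev.value}: {desc}" for sev, desc in tls.errors)
    if is_known_hsts_host(host):
        return Decision(False, False,
                        f"{host} is a Known HSTS Host; connection terminated ({summary})")
    # Ordinary host: warning-level errors may still be offered as a click-through,
    # the behaviour that Section 8.3 removes for HSTS hosts.
    only_warnings = all(sev is Severity.WARNING for sev, _ in tls.errors)
    return Decision(False, only_warnings, summary)
```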
