W3C home > Mailing lists > Public > public-webapi@w3.org > May 2008

Re: TLS error handling in XMLHttpRequest

From: Julian Reschke <julian.reschke@gmx.de>
Date: Tue, 27 May 2008 14:38:07 +0200
Message-ID: <483C00AF.7090200@gmx.de>
To: Anne van Kesteren <annevk@opera.com>
CC: Thomas Roessler <tlr@w3.org>, public-webapi@w3.org, public-wsc-wg@w3.org

Anne van Kesteren wrote:
> 
> On Fri, 16 May 2008 11:54:14 +0200, Thomas Roessler <tlr@w3.org> wrote:
>>>> (ACTION-444 in Web Security Context.)
>>
>> I would suggest to explicitly say that a failure of the server
>> identity check (section 3.1 of RFC 2818) MUST cause the client to
>> terminate the connection.
>>
>> (RFC 2818 gives a choice of either giving the user a choice or
>> terminating the connection.)
> 
> I made it more explicit that user interaction is not be to performed. 
> Could the Web Security Context WG let me know whether this satisfies 
> their comment?

Hmmm. Maybe I'm missing something, but why would user interaction be 
allowed for HTTP authentication, but not in these cases?

BR, Julian
Received on Tuesday, 27 May 2008 12:38:50 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 May 2008 12:38:50 GMT