Anne van Kesteren wrote: > > On Fri, 16 May 2008 11:54:14 +0200, Thomas Roessler <tlr@w3.org> wrote: >>>> (ACTION-444 in Web Security Context.) >> >> I would suggest to explicitly say that a failure of the server >> identity check (section 3.1 of RFC 2818) MUST cause the client to >> terminate the connection. >> >> (RFC 2818 gives a choice of either giving the user a choice or >> terminating the connection.) > > I made it more explicit that user interaction is not be to performed. > Could the Web Security Context WG let me know whether this satisfies > their comment? Hmmm. Maybe I'm missing something, but why would user interaction be allowed for HTTP authentication, but not in these cases? BR, JulianReceived on Tuesday, 27 May 2008 12:38:50 UTC
This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:16:27 UTC