- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Sat, 24 Mar 2012 16:56:51 -0700
- To: Amos Jeffries <squid3@treenet.co.nz>
- Cc: ietf-http-wg@w3.org
On 23 March 2012 16:51, Amos Jeffries <squid3@treenet.co.nz> wrote: > Was not the reasoning behind that MUST to prevent mishaps like IE6 selecting > the first presented option even if it was the worst security-wise? I don't think that there is much you can do to prevent this other than to note that some UAs do bad things like this. The UA should be acting in the best interests of its users and picking what it thinks is best. Putting that statement in the specification with a MUST would be an interesting (and totally untestable) choice. As Alexey notes, you can do a few things to describe the security of a particular scheme, but absolute statements of the sort "this is better than that" are not wise. --Martin
Received on Saturday, 24 March 2012 23:57:21 UTC