Re: #148: Reasonable Assurances and H2C from Martin Thomson on 2016-02-20 (ietf-http-wg@w3.org from January to March 2016)

From: Martin Thomson <martin.thomson@gmail.com>
Date: Fri, 19 Feb 2016 18:44:32 -0800
To: Mark Nottingham <mnot@mnot.net>
Cc: HTTP WG <ietf-http-wg@w3.org>
Message-ID: <CABkgnnWAbKY8RZ5gvjPan3M_-XpjFSau0yDN97H=CfLb0DNL2g@mail.gmail.com>

On 19 February 2016 at 18:40, Mark Nottingham <mnot@mnot.net> wrote:
> "For the purposes of this document, "reasonable assurances" can be established through use of a TLS-based protocol with the certificate checks defined in RFC2818. Other means of establishing them MUST be documented in an RFC that updates this specification. Clients MAY impose additional criteria for establishing reasonable assurances."

That looks good.  I don't think that it helps to note that in practice
"MAY" becomes "will".

Received on Saturday, 20 February 2016 02:45:00 UTC